eReferral Ontario – Electronic Data Transfer (eDT) Integration with Provincial Care Coordination Gateway (PCCG) PIA Summary
Date of PIA Addendum Report: January 29, 2026
Date PIA Summary Last Reviewed and Updated: February 18, 2026
The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background, key findings, and risks and recommendations as applicable. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.
Background
As part of the Patients Before Paperwork (Pb4P) initiative, Ontario Health is advancing an integrated provincial approach to referrals and care coordination through the Provincial Care Coordination Gateway (PCCG). The PCCG supports digital referral workflows aimed at improving access to care, reducing wait times, and enabling a more consistent and transparent referral experience for patients, referring practitioners, and receiving providers across Ontario.
This Delta Privacy Impact Assessment (PIA) focuses specifically on the introduction of Electronic Data Transfer (eDT) functionality as an added service within the existing PCCG solution. The assessment builds on previously completed PIAs for the Pb4P PCCG solution and the PCCG integration with OceanMD and therefore does not reassess privacy risks already evaluated under those initiatives. Instead, this Delta PIA identifies new or incremental considerations arising from the use of eDT to route referrals to destinations that are not yet enabled for direct eReferral-PCCG integration.
While the long-term objective of the Pb4P initiative is to enable end-to-end digital referrals through standardized eReferral solutions, a significant portion of referral volumes across the province continues to rely on workflows that fall under the broader category of Electronic Data Transfer (eDT), which includes legacy fax-based processes delivered through eFax/fax capabilities. Many receiving providers, including specialist clinics, hospital sites, and Regional Central Intake (CI) Hubs, are not yet technically ready to receive full eReferrals directly. To support continuity of care and adoption targets during this transition period, Ontario Health is enabling eDT functionality (including eFax/fax) within the PCCG as an interim solution.
Under the Phase 1 implementation, eDT functionality will be available only for referrals originating from OceanMD’s Referral Management System (RMS) and routed through PCCG to designated eDT destinations. In this workflow, referral information captured in standardized referral forms (SRFs) is converted into clinician-readable documents (e.g., PDFs) derived from FHIR messages and transmitted via eDT to receiving providers until full eReferral adoption is achieved. While this interim approach supports continuity of referral workflows and reduces reliance on manual faxing, it introduces privacy risks associated with legacy technologies, manual handling processes, and loss of end-to-end visibility once information leaves Ontario Health’s technical environment.
Ontario Health operates the PCCG as a Health Information Network Provider (HINP) under the Personal Health Information Protection Act (PHIPA). Accordingly, this assessment examines the eDT service through a HINP lens, assessing implications for accountability, safeguards, logging and monitoring, accuracy, training, agreements, and roles and responsibilities among Ontario Health, participating Health Information Custodians (HICs), OceanMD, and eDT recipients.
Key Findings
The assessment identified five (5) privacy-related risks. Each risk, including its corresponding recommendations and current status, is outlined below.
Risks and Recommendations
The PIA makes the following risks and recommendations:
Risk #1: There is a risk that unknown vulnerabilities in legacy systems leveraged to support eDT may result in unauthorized access or a privacy breach.
Recommendations: Ensure leveraged services have been assessed against known vulnerabilities. Ensure the latest patches or updates are applied on leveraged systems and services. Ensure a Security Assessment and Privacy Impact Assessment (PIA) are conducted on leveraged services.
Ensure all systems and services leveraged to support eDT, including are assessed for known vulnerabilities, kept up to date with current patches, and supported by completed Security Assessments and PIAs.
Status: Completed
Risk #2: In the absence of training on handling eDT workflows, there is a risk of unauthorized access and privacy breach, leading to legislative violation and reputational damage.
Recommendations: Ensure the HICs are aware of their accountabilities and train users on handling and managing eDT workflows, including the RACI chart. Ensure training material is in place and users are trained on deleting/purging eFaxes after they have served their purpose, to prevent disclosure of sensitive data or unauthorized access to PI and PHI. Training materials should also include when to select Central Intake Hub destinations and the criteria for selecting a CI Hub. Ensure relevant security controls are in place to protect sensitive data.
Ensure identified Security Assessment risks are mitigated based on their severity levels. Agreements should outline HIC obligations for managing eDT services via eReferral Ontario.
Status: Open
Risk #3: Manual entry of information required for certain eDT processes may increase the likelihood of errors that could result in unauthorized disclosure or a privacy breach, leading to reputational impacts.
Recommendation: Implement and establish a validation process to keep contact information accurate, including procedures and processes for manual data entry in eDT workflows. Ensure HICs receive appropriate training on the eDT-enabled functionality and that logging and tracking practices are in place for monitoring eDT transmissions as part of the PCCG solution.
Status: Open
Risk #4: The interim eDT solution may be susceptible to privacy breaches or quality, safety and reliability issues, leading to an inability to meet regulatory compliance and resulting in reputational damage.
Recommendation: Create a transition plan with realistic timelines to phase out eDT-based referrals. Ensure contractual agreements are in place clearly outlining HIC responsibilities for protecting PI and PHI, including requirements to delete/purge eDT information after it has served its purpose, to prevent unauthorized access or disclosure of sensitive data. Ensure project-identified risks are mitigated prior to go-live, maintain accuracy and reliability of information in PHSD, and ensure monitoring and auditing are configured to track eDT usage.
Status: Open
Risk #5: Current agreements between Ontario Health, OceanMD, and HICs may not include the newly added eDT services. In the absence of updated agreements, expectations, safeguards, and responsibilities may be unclear, creating risks to information protection and resulting in reputational damage.
Recommendation: Ocean legal and Ontario Health should work together to ensure eDT services are included within agreements. Ensure agreements include safeguarding of sensitive information and outline roles and responsibilities for managing eDT processes. Update the plain language description for eReferral Ontario and ensure new eDT destinations have appropriate agreements in place for all parties involved: Ontario Health, OceanMD, and HICs.
Status: Open
Last Updated: March 04, 2026