eReferral Ontario - Provincial Care Coordination Gateway (PCCG) Integration with OceanMD PIA Summary
Date of PIA Report: March 31, 2025
Date PIA Summary Last Reviewed and Updated: September 22, 2025
The following is a summary of the Provincial Care Coordination Gateway (PCCG) Integration with OceanMD PIA, including a brief background, key findings, and risks and recommendations as applicable. See our Contact Us page to find information on how to contact the Ontario Health Privacy Office should you have any questions.
Preamble
The OceanMD Integration with the PCCG PIA was conducted on March 31, 2025, based on an initial assessment that identified the vendor as an Electronic Service Provider (ESP) within the Referral network. Subsequent review of additional material revealed that OceanMD is also a Third-Party Service Provider to Ontario Health for the eReferral Ontario Health Information Network Provider (HINP) services, a role that falls outside PHIPA's ESP provisions. Although this update does not significantly change the overall assessment, the new understanding must be formally documented in the PIA, which prompted the addition of this briefing note.
Background
The Provincial Care Coordination Gateway is an Ontario Health digital asset that supports the routing of referrals in the new eReferral network. It ensures that referrals are delivered electronically from source to destination without the need for point-to-point integration between the Referring Practitioner's RMS and the Receiving Provider's RMS. It leverages services provided by the OAG to facilitate referral transactions.
The PCCG engages with Ontario Health's major provincial assets (Provincial Health Services Directory, ONE ID, Provincial eForms, etc.) to create an effective Referral Network. The service enables real-time routing and analytics, allowing real-time wait times to be calculated for the different states of a referral. All transactions passing through the PCCG are logged and tracked, and a copy of each referral is stored in the Provincial eReferral Repository, which makes referral information available to patients and providers. Appointment information is also contributed to the eReferral Repository to support wait time calculation and appointment reminders. The PCCG supports HL7 v2 mapping, allowing better interoperability between community and hospital-based systems.
The PCCG Solution is built as an Application Programming Interface (API) that is only reachable behind an existing network gateway (OAG) and leverages other existing solutions such as eConsult and eReferral. Because the PCCG sits behind the OAG, any user or system that wants to reach it must first satisfy the OAG's authentication requirements; the PCCG is not directly exposed. This control will be confirmed during the end-to-end Threat and Risk Assessment (TRA) for the eReferral network carried out by Ontario Health.
The PCCG Solution is positioned to be the network “hub” in support of eReferral and eConsult transactions. The hub will allow approved vendor systems to communicate with one another using health care standards such as Fast Healthcare Interoperability Resources (FHIR).
In addition, the PCCG Solution will be interacting with other Ontario Health assets, such as: ONE ID, Provincial Health Service Directory (PHSD), Provincial eForms, Client Health-Related Information System (CHRIS), OTN Hub eConsult, eReferral Repository, Central Waitlist Management, etc.
This PIA evaluates the OceanMD RMS integration with the PCCG. The integration ensures that referrals are delivered electronically from source to destination without the need for point-to-point integration between the Referring Practitioner's RMS and the Receiving Provider's RMS.
The OceanMD solution enables real-time routing, allowing real-time wait times to be collected at the different states of a referral. All transactions passing through the PCCG are logged and tracked. Both the PCCG and the OceanMD vendor solution are developed against the Ontario eReferral - eConsult FHIR Implementation Guide (IG). The IG was written to support implementers of systems that use HL7 FHIR to facilitate communication between health care practitioners and service providers performing electronic patient referrals and/or electronic consultations in Ontario. It provides business context, use cases, and information flows specific to the Ontario eReferral and eConsult ecosystem, and is designed to be generic enough to support many different pathways.
Key Findings
This assessment concludes that OceanMD, in delivering its services, is functioning as an Electronic Service Provider (ESP) to enable health information custodians (HICs) to collect, use, and disclose PHI electronically, while also providing services to Ontario Health, which operates the PCCG as a health information network provider (HINP). These services are facilitated through eReferral Ontario.
For the OceanMD integration with the PCCG, the initial privacy analysis identified eight (8) privacy-related risks, all of which were rated medium as per our risk exposure matrix. Most of these risks have been addressed and resolved. All eight are outlined below with their corresponding recommendations and current status; two (Risks 3 and 6) remain open.
In accordance with Ontario Health’s Privacy Risk Management policy and procedures, the Chief Privacy Officer (CPO) approves and endorses the results of the PIA and risk management process, and should there be a risk or risks that cannot be mitigated to an acceptable risk tolerance of minor, the designated business or portfolio owner must:
- review and sign off the Risk Acceptance Form;
- prepare supporting documentation (a briefing note) addressing the possible consequences of accepting the risk(s) and not implementing the recommendation(s) provided by Strategy, Planning, Privacy, Analytics and Risk; and
- submit the Risk Acceptance Form and supporting documentation to the Executive Lead for the applicable portfolio and to the Executive Lead for Strategy, Planning, Privacy, Analytics and Risk for review and approval.
Ontario Health’s PIA standard recommends that all high and moderate risks be mitigated to an acceptable level (low) prior to a project going live.
Risks & Recommendations
Risk 1: OceanMD relies on Ontario Health to ensure that agreements are in place between HICs and the other parties involved in the newly built PCCG environment. Contractual agreements that are unknown, or that were not written with the PCCG in mind, may lead to legislative violations as well as privacy breaches.
Recommendations: Ontario Health and OceanMD should work with their legal representatives to confirm that existing contracts and agreements remain relevant for the newly built PCCG Solution. If new or updated agreements are required, they should be completed prior to go-live of the solution.
Status: Closed
Risk 2: OceanMD uses the eConsult network diagrams for the eReferral solution, and these diagrams do not depict the PCCG integration with OceanMD. In the absence of detailed network diagrams, the PCCG solution may not be recoverable in a timely manner during a system outage or compromise. This could leave the PCCG solution inaccessible to the referral solution, resulting in reputational damage.
Recommendations: OceanMD should update the network diagrams and relevant documentation to include the OceanMD integration with the PCCG Solution.
Status: Closed
Risk 3: OceanMD supports Multi-factor Authentication (MFA) for the referral solution; however, end users are not required to enable it. The OceanMD solution is internet facing, so a password alone stands between the public internet and the PHI it holds, and MFA should therefore be required for all users.
Recommendations: To prevent security and privacy breaches and unauthorized access to the internet-facing solution, OceanMD should enforce mandatory multi-factor authentication for all users accessing the solution.
Status: Open
Risk 4: OceanMD solution logs are retained locally on servers rather than being centrally managed. Logs held only on the server that generated them can be altered or destroyed by whoever compromises that server, leaving no reliable record for investigation. Lack of centralized logging can also lead to an inability to comply with regulatory requirements such as PHIPA and FIPPA, resulting in legislative violations and reputational damage.
Recommendations: Ensure that OceanMD logs for the integration with the PCCG are centralized and available for future investigation. Establish an appropriate retention period for all logs so that they remain available for any future investigation. Ensure logs are monitored and reviewed on a regular basis.
Status: Closed
Risk 5: The OceanMD environment includes both organization-owned devices and user-owned devices (BYOD). BYOD can introduce risks to the confidentiality, integrity, and availability of critical business resources. If a personal device is lost, stolen, or compromised, it could lead to a security breach and unauthorized access to PI and PHI, resulting in privacy breaches and reputational damage.
Recommendations: Ensure that user devices accessing the PCCG solution are organization owned and managed. If the organization supports Bring Your Own Device (BYOD), ensure that these devices are encrypted, that multi-factor authentication is enabled, that communications are encrypted, and that malware protection is installed. Ensure BYOD devices have remote wipe capability so that the confidentiality and integrity of sensitive information is preserved if a device is lost or falls into the wrong hands.
Status: Closed
Risk 6: The same Single Sign-On (SSO) account is used across multiple OceanMD sites. A breach of one set of user credentials would allow unauthorized personnel to access multiple sites, leading to privacy breaches at multiple locations and reputational damage.
Recommendations: Ensure that separate accounts are used for different clinics so that a compromised account cannot affect multiple clinics. Ensure multi-factor authentication is used for SSO.
Status: Open
Risk 7: Reliance on previous agreements for accessing registries such as the Provincial Provider Registry may lead to the collection and use of sensitive information without approval for the new PCCG integration with the RMS solution, resulting in legislative violations as well as reputational damage.
Recommendations: Ontario Health and OceanMD are to work together to determine which registries will be used for the PCCG integration with the OceanMD RMS. Ensure that a Prescribed Entity Schedule and Data Sharing Agreements for data contributions to the Referral Repository are in place. Also ensure that relevant agreements are in place for accessing and using data from Ontario Health registries such as the Provincial Provider Registry and the eReferral Repository prior to go-live.
Status: Closed
Risk 8: Previous privacy and security assessments conducted by OceanMD were based on the vendor product and were not specific to the PCCG integration with OceanMD. Configuration errors or operational errors and omissions introduced by the integration may lead to exposure of, or unauthorized access to, sensitive information, resulting in reputational damage.
Recommendations: The project team should ensure that relevant privacy and security assessments are conducted specifically on the PCCG integration with the OceanMD solution. At minimum, OceanMD should conduct a penetration test scoped to the integrated solution to confirm that its configuration is free from known vulnerabilities.
Status: Closed
Last Updated: November 05, 2025