Infrastructure Evolution Program PIA Summary

Date of PIA Report: December 2012

Date PIA Summary Last Reviewed and Updated: December 2, 2025 (Rebranding)

The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background, key findings, and risks and recommendations as applicable. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.

Background

eHealth Ontario’s data centre services (DCS) strategy, developed in 2011, outlined a plan for migrating core Electronic Health Record (EHR) services out of leased facilities at the Markham Data Centre to the government-owned Guelph Data Centre (GDC). This move allowed the agency to expand its products and services using state-of-the-art equipment. The facility in Guelph also enabled a lights out, always on environment, with strictly enforced policies and processes that greatly reduced the need for physical access.

The transition program included: building infrastructure in a new data centre (GDC), cornerstone systems high availability/disaster recovery (HA/DR), server lifecycle and infrastructure management (SLIM), and data centre local area network (LAN) migration projects.

The primary reasons for the transition were to drive cost efficiencies, staff effectiveness, availability, resiliency and recoverability within the server platforms, and achieve server virtualization to optimize the value received by customers. Other objectives included:

• Minimizing the physical footprint within the data centres.
• Utilizing the new GDC data centre technology, a provincially owned asset, to deliver the technology base required to deliver high availability applications in support of eHealth Ontario present and future programs. The facility is a highly secure Tier 4 centre, which means it meets the highest industry standards internationally.
• Transitioning out of the Markham data centre (MCC).
• Focusing migration on core eHealth Ontario applications/services.

Key Findings

The purpose of the PIA is to evaluate the safeguards that have been implemented at the GDC and within the associated projects. This physical PIA identifies privacy requirements, risks, and recommendations.

The physical PIA concludes that the Infrastructure Evolution Program (IEP) transformation project has been well-planned and documented. The policies, procedures and agreements regarding operational measures pose minimal risks to the personal information (PI) and personal health information (PHI) held at the GDC location. The privacy risks identified in this document relate to accountability and security.

Risks and Recommendations

The physical PIA makes two recommendations:

1. eHealth Ontario should inform its employees who access GDC the premises that their personal information (PI) is captured by the close-circuit TV (CCTV) and may be subject to an access request made under the Freedom of Information and Protection of Privacy Act (FIPPA).
2. eHealth Ontario should consider updating the process for decommissioning physical hardware, described in section 8.1 of the infrastructure lifecycle management processes and procedures to ensure that electronic media or data is securely erased if the server is to be repurposed for another use.

At the time of writing, eHealth Ontario had mitigated both of these recommendations.