Integration Facility PIA Summary

Date of PIA Report: October 2011

Date PIA Summary Last Reviewed and Updated: December 2, 2025 (Rebranding)

The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background, key findings, and risks and recommendations as applicable. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.

Background

The function of the Integration Facility is to act as a security gateway to eHealth Ontario infrastructure by managing and controlling requests for data from external systems; specifically the Chronic Disease Management System – Diabetes Registry (CDMS-D) and Portal Services at The Ottawa Hospital. The Integration Facility acts as an authorization service and intercepts requests for access to data in eHealth Ontario’s care, forwards the request to the appropriate system to retrieve the data if valid, and rejects the request if not valid.

The Integration Facility is one of the cornerstone information systems that will support the deployment of a longitudinal electronic health record for all Ontarians. The Integration Facility does not collect, use, disclose, or retain any personal information (PI) or personal health information (PHI). The principal function of the Integration Facility is to accept or deny requests for access to data in other eHealth systems, such as the client registry, the provider registry, the Ontario laboratory information system via the common OLIS integration layer, and the Ontario drug benefit database.

Because the Integration Facility is part of an integrated set of systems which will process data including PHI as defined by Ontario’s Personal Health Information Protection Act, 2004, eHealth Ontario policies require that a PIA of the initiative be undertaken.

Key Findings

The scope of the Integration Facility PIA includes all components of the system up to and including release two, scheduled for November 2011. The PIA analyzes the legislative authority under which eHealth Ontario receives requests for data from calling systems and passes these requests to other eHealth Ontario systems in order to retrieve the data requested. The PIA also considers the technical, administrative and physical safeguards which have been put in place to ensure that all data flows occur in a secure and privacy protective manner, and are in compliance with legislative requirements, relevant agreements, best practices as represented in the Canadian Standards Association Privacy Code and eHealth Ontario’s privacy policies, procedures and privacy best practices.

The PIA concludes that eHealth Ontario has the overall mandate for operating and managing the Integration Facility. The Integration Facility is a security control which ensures data in eHealth Ontario’s care is only supplied to individuals and entities that are entitled to access that data. Additionally, eHealth Ontario has a robust infrastructure for the processing of sensitive PHI, with policies and practices to protect the privacy of Ontarians and the security of the information in the custody of eHealth Ontario.

The PIA recommends several measures to ensure that the data received and utilized by eHealth Ontario, for the purposes of the Integration Facility, complies with eHealth Ontario policies, procedures and privacy best practices.

Risks and Recommendations

The physical PIA provides a number of recommendations associated with the Integration Facility initiative, as summarized below:

  1. eHealth Ontario to develop and document an access control procedure, which sets out the approvals process for administrator access to eHealth Ontario’s systems by eHealth Ontario staff and service providers. eHealth Ontario to ensure that all accesses to the integration facility are logged and monitored on an ongoing basis.
  2. eHealth Ontario to develop and implement a data retention policy for data in all its systems in order to ensure that data is not retained for longer than necessary to fulfill the identified purpose.

eHealth Ontario is currently in the process of implementing each of the recommendations identified in the 2011 integration facility PIA.

More Like This

Last Updated: March 11, 2026

The information on this website is intended for informational purposes only and is not a substitute for medical advice. Always consult your health care provider if you have questions or concerns. The use of the information on this website does not create a physician-patient relationship between Ontario Health and you.
Ontario Health is committed to ensuring accessible services and communications to individuals with disabilities. To receive any information on this website in an alternate format, please contact Ontario Health’s Communications Department at: 1-877-280-8538, TTY 1-800-855-0511, or by email at info@ontariohealth.ca.

The province of Ontario Logo
© Ontario Health 2025