Ontario Laboratories Information System (OLIS) ConnectingGTA (cGTA) Integration PIA Summary

Date of PIA Report: August 2012

Date PIA Summary Last Reviewed and Updated: December 2, 2025 (Rebranding)

The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background, key findings, and risks and recommendations as applicable. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.

Background

The Ontario Laboratories Information System (OLIS) ConnectingGTA (cGTA) (OLIS-cGTA) initiative is part of the OLIS go-to-market strategy and aligns with the broader eHealth Ontario Strategy for the electronic health record. eHealth Ontario and the ConnectingGTA project are collaborating to make laboratory information from OLIS available to authorized users of the Patient Results Online (PRO) Viewer, a clinical application operated by University Health Network–Shared Information Management Services (UHN-SIMS). Authorized users of PRO include clinicians from a number of participating Toronto area hospitals including; UHN, Sunnybrook Hospital, Mount Sinai Hospital, St. Michael’s Hospital and Trillium Health Centre.

PRO allows OLIS data to be displayed in a format that is consistent with the look and feel, which PRO users are familiar with, and in a format that is consistent with the way PRO users are accustomed to viewing clinical data.

Clinicians will only be able to search on patients who are registered for care within their hospital settings. The viewer will allow the clinicians to view, and where appropriate, print data from PRO for the purpose of providing or assisting in the provision of health care.

This project involves the use and disclosure of Ontarians’ personal health information, and is therefore guided by the Personal Health Information Protection Act, 2004 (PHIPA). PHIPA only allows for collection, use, and disclosure of personal health information (PHI) under particular conditions.

Key Findings

The delta PIA report identifies privacy requirements, risks, and recommendations for the OLIS-cGTA initiative as a result of changes in governance, users, disclosure and safeguards. This direction supports eHealth Ontario in building a privacy compliant solution based on a risk management approach. It allows eHealth Ontario to identify opportunities as early as possible in order to preserve or enhance Ontarians’ privacy rights through the design and operation of the OLIS-cGTA initiative.

The delta PIA concludes that eHealth Ontario has the overall PHIPA authority under section 6.2 of O. Reg 329/04 to make OLIS data available to clinicians at the participating cGTA hospitals for the purpose of providing or assisting in the provision of health care. Additionally, both eHealth Ontario and UHN, each have a robust infrastructure with strong privacy and security safeguards suitable for the processing and sharing sensitive PHI. The delta PIA makes a number of recommendations for this initiative, to ensure that eHealth Ontario continues to act in compliance with its privacy obligations in respect of legislation, policy and best practice.

The PIA makes recommendations to ensure that the data received and utilized by eHealth for the purposes of maintaining and operating OLIS complies with Ontario Regulation 329/04, s6.2 as well as eHealth Ontario policies, procedures and privacy best practices.

Risks and Recommendations

The delta PIA provides a number of recommendations associated with the OLIS initiative, as summarized below:

  1. eHealth Ontario to execute agreements with UHN and participating health information custodians who will be accessing OLIS data as per eHealth Ontario privacy policy.
  2. eHealth Ontario to require participating health information custodians to perform periodic audits to assess inappropriate access to OLIS data via the PRO application.
  3. eHealth Ontario and UHN to develop a risk treatment plan prior to go-live to address applicable security risks.
  4. eHealth Ontario to work with UHN and participating health information custodians to ensure that coordinated privacy incident management and individual access processes are fully established in advance of go-live.

At the time of writing this PIA summary, all recommendations noted above had been implemented.

More Like This

Last Updated: March 11, 2026

The information on this website is intended for informational purposes only and is not a substitute for medical advice. Always consult your health care provider if you have questions or concerns. The use of the information on this website does not create a physician-patient relationship between Ontario Health and you.
Ontario Health is committed to ensuring accessible services and communications to individuals with disabilities. To receive any information on this website in an alternate format, please contact Ontario Health’s Communications Department at: 1-877-280-8538, TTY 1-800-855-0511, or by email at info@ontariohealth.ca.

The province of Ontario Logo
© Ontario Health 2025