Ontario Laboratories Information System Portlet and Client Selector Portlet Integration into ONE Portal PIA Summary

Date of PIA Report: April 2012

Date PIA Summary Last Reviewed and Updated: December 2, 2025 (Rebranding)

The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background, key findings, and risks and recommendations as applicable. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.

Background

In order to provide accurate laboratory results and information about patients to end users who use the data in hospitals and other health care settings to provide care to patients, the laboratories who submit data must validate its accuracy and completeness after it is transferred from their local systems to the Ontario Laboratories Information System (OLIS). In order to do this, the OLIS adopters receive access to OLIS data they have submitted through eHealth Ontario’s ONE Portal. OLIS adopters are granted access to ONE Portal through eHealth Ontario’s ONE ID program.

eHealth Ontario has developed a client selector portlet, through which Client Registry (CR) data (populated with Registered Persons Database (RPDB) data from the Ministry of Health and Long-Term Care (MOHLTC)) is made available to OLIS adopters. The purpose of making the client selector portlet available to the OLIS adopters is to ensure that the correct OLIS record is accessed for the correct patient. The deployment of the client selector portlet through ONE Portal is the first use of this portlet.

eHealth Ontario’s OLIS portlet will provide each OLIS adopter with access to the lab data that was submitted to OLIS by that laboratory. Only the lab data that was originally contributed by each OLIS adopter is made available through the OLIS portlet to each OLIS adopter. The purpose of making previously contributed laboratory data available to each OLIS adopter is to verify accuracy and completeness of the data.

Key Findings

The scope of the OLIS portlet and client selector portlet integration in ONE Portal delta PIA includes and analysis on the flow of information to and from the portlets in the OLIS community that are used by OLIS adopters for the purposes of validating the accuracy and completeness of lab data; the introduction of the client selector portlet and the OLIS portlet into the OLIS client self-test (CST) and production environments in ONE Portal; the purposes and processes for verifying lab data within the OLIS community in ONE Portal; and the safeguards which have been put in place to ensure that all collections, uses and disclosures of personal health information (PHI) occur OLIS Portlet and Client in a secure and privacy-sensitive manner, and are in compliance with eHealth Ontario’s privacy policies, relevant agreements and legislative requirements.

The PIA concludes that eHealth Ontario has the overall Personal Health Information Protection Act, 2004 (PHIPA) authorities for making the OLIS portlet and client selector portlet available in the ONE Portal, under s. 6(1) and 6.2 of O.Reg. 329/04. Additionally, eHealth Ontario has a robust infrastructure for the processing of sensitive PHI, with policies and practices to protect the privacy of Ontarians and the security of the information in the custody of eHealth Ontario.

The PIA makes recommendations to ensure that the data received and utilized by eHealth Ontario, for the purposes of the client registry, complies with PHIPA and O.Reg. 329/04 as well as eHealth Ontario policies, procedures and privacy best practices.

Risks and Recommendations

The Delta PIA provides a number of recommendations associated with this initiative, as summarized below:

  1. The ZBR.4 filter, which ensures each OLIS adopter only sees the lab data submitted to OLIS by that lab, to be implemented prior to go-live.
  2. Additional data elements (patient address and phone number) to be removed from the current client selector portlet prior to go-live.
  3. eHealth Ontario to develop and document an access control procedure, which sets out the approvals process for access to PHI within eHealth Ontario’s systems by eHealth Ontario staff and service providers.
  4. A periodic review of system audit logs to be completed to ensure there is no inappropriate access to OLIS data.
  5. eHealth Ontario to implement all threat risk assessment (TRA) recommendations prior to go-live.

eHealth Ontario has implemented all the recommendations identified in the 2012 OLIS Portlet and Client Selector Portlet in ONE Portal delta PIA.

More Like This

Last Updated: March 11, 2026

The information on this website is intended for informational purposes only and is not a substitute for medical advice. Always consult your health care provider if you have questions or concerns. The use of the information on this website does not create a physician-patient relationship between Ontario Health and you.
Ontario Health is committed to ensuring accessible services and communications to individuals with disabilities. To receive any information on this website in an alternate format, please contact Ontario Health’s Communications Department at: 1-877-280-8538, TTY 1-800-855-0511, or by email at info@ontariohealth.ca.

The province of Ontario Logo
© Ontario Health 2025