Provincial Client Registry (ProvCR) Phase 1 Bundle 2 PIA Summary

Date of PIA Report: December 2014

Date PIA Summary Last Reviewed and Updated: December 2, 2025 (Rebranding)

The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background, key findings, and risks and recommendations as applicable. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.

Background

eHealth Ontario is required to connect the Provincial Client Registry (ProvCR) to health systems across the province so health care providers have access to a provincial authoritative source of patient identification information. This resolves multiple identifiers (For example, health card numbers and medical record numbers) used across health care systems to identify a single patient. It is integral to the successful operation of an electronic health record (EHR), to ensure that patients, whose information is recorded in the EHR, are uniquely identified. As well, the ProvCR is integral to ensuring patients’ clinical information is consistently managed in the EHR, which includes supporting health care organizations access request process and the application of consent directives across the EHR.

The use of ProvCR data results in the following benefits:

• Serve as an identity management system that links and integrates patient records accurately;
• Eliminate duplicate patient records;
• Enable timely access to information for improved decision making at the point of care;
• Improve workflow for health care providers reducing dependency on paper-based systems; and

Ensure fewer gaps in patient information as patients move between health care settings.

Key Findings

The PIA identifies privacy requirements, risks and recommendations for ProvCR as a result of changes to technology, use, disclosure and safeguards. This direction supports eHealth Ontario in building a privacy compliant solution based on a risk management approach. It allows eHealth Ontario to identify opportunities as early as possible to preserve or enhance Ontarian’s privacy rights through the design and operation of ProvCR.

The PIA concludes that eHealth Ontario has the overall Personal Health Information Protection Act (PHIPA) authority under section 6.2 of O.Reg. 329/04 to use ProvCR data for the purposes of creating and maintaining an EHR. ProvCR data will be made available to health care providers who use Digital Imaging Common Service (DI CS) to accurately identify patients in order to find their corresponding electronic health record.

eHealth Ontario has a robust infrastructure with strong privacy and security safeguards suitable for the processing and sharing of personal health information (PHI). The PIA makes a recommendation to ensure that data received and utilized by eHealth Ontario for the purposes of maintaining and operating the ProvCR complies with O.Reg. 329/04, section 6.2 as well as its policies, procedures and privacy best practices.

Risks and Recommendations

eHealth Ontario to enter into agreements with the Ministry of Health and Long-Term Care (MOHLTC) to operate the ProvCR and make patient identification information available to health care providers through the EHR.

eHealth Ontario is currently initiating this recommendation.