User Registry PIA Summary
Date of PIA Report: October 2011
Date PIA Summary Last Reviewed and Updated: December 2, 2025 (Rebranding)
The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background, key findings, and risks and recommendations as applicable. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.
Background
The User Registry is a key component of eHealth Ontario’s cornerstone information systems, and was designed and built by the identity, access, and privacy program at eHealth Ontario. The User Registry initiative was developed to provide a single solution to control user access to eHealth services and track the electronic identities of prospective individuals and provider organizations that interact with eHealth Ontario’s systems. The User Registry acts as an authentication and authorization service for end-user access to eHealth services such as the chronic disease management system-diabetes registry (CDMS-D), the Ontario laboratories information system (OLIS), and the Ontario drug benefits (ODB) database.
The cornerstone of the User Registry is the federation concept. A federation is an association of organizations that have taken on roles of identity provider or service provider. Service providers, such as eHealth Ontario, provide services for users, and trust the identity providers to authenticate users and provide accurate user information to the service provider, which is used for authorization to the services. The User Registry is a key component in enabling the federated trust model with partnered organizations, and ensuring secure access to personal health information (PHI).
As providers submit service requests to access eHealth services, the User Registry validates and records the requests and maps the federated user identities (as asserted in the request) to the real identities of the providers, found in eHealth Ontario’s Provider Registry (PR). If this validation step is successful, then a service authorization request is made to the User Registry for access to eHealth Ontario services. The User Registry authorizes service entitlement by verifying that the user has the right level of trust to access the requested service, in accordance with appropriate legislation, regulation and policy (as represented by the entitlement rules stored in the User Registry). The User Registry assigns users to pre-defined roles based on their attributes and issues permission or denial for the given service request.
The User Registry does not collect, use or disclose any PHI as defined by Ontario’s Personal Health Information Protection Act, 2004 (PHIPA). The information used by the User Registry for validation and service entitlement includes provider information, such as license number, last name and standing with their regulatory colleges. The information received and used by the User Registry for authorization purposes includes a limited amount of personal information (PI), as defined in the Freedom of Information and Protection of Privacy Act (FIPPA). A physical PIA is required because the User Registry is receiving and using PI from the PR; it interfaces with systems that collect, use, or disclose PI/PHI; and it is ultimately responsible for authenticating/authorizing end-user access to PI and PHI within eHealth Ontario’s infrastructure.
Key Findings
The User Registry Physical PIA considers all components and features in the User Registry production environment, including the version currently in use (release 1), and up to and including UR release 2, as will be deployed as part of the CDMS-D (scheduled for November 2011). Specifically, the scope of the User Registry PIA includes the flow of information to, within, and from the UR to connected systems; business processes that involve the acquisition, recording, storage, usage or sharing of information in the User Registry; and the legislative authority under which eHealth Ontario may operate and manage the User Registry. The PIA also considers the technical, administrative and physical safeguards which have been put in place to ensure that all flows of data occur in a secure and privacy-protective manner, and are in compliance with legislative requirements, relevant agreements, best practices as represented in the Canadian Standards Association Privacy Code and eHealth Ontario’s privacy policies.
The PIA concludes that eHealth Ontario has the overall legislative authorities for operating and managing the User Registry. Additionally, eHealth Ontario has a robust infrastructure for the processing and protection of sensitive data, with policies and practices to protect the privacy of Ontarians and the security of the information retained by eHealth Ontario.
The PIA recommends several measures to ensure that, for the User Registry initiative, eHealth Ontario is in compliance with relevant legislation, as well as eHealth Ontario policies, procedures and privacy best practices.
Risks and Recommendations
The physical PIA provides a number of recommendations associated with the User Registry initiative, as summarized below:
- eHealth Ontario should use the enhanced provider profile information (EPPI) (consisting of gender and date of birth) obtained from the PR in accordance with the terms of the agreement between the College of Dietitians of Ontario and eHealth Ontario, or amend the agreement as required.
- eHealth Ontario’s privacy and security groups should be consulted in the definition and implementation of entitlement rules in the UR to check that the access to PHI or PI granted by the rules is appropriate.
- eHealth Ontario should ensure that its personal information bank is up-to-date with respect to the PI used by the UR.
eHealth Ontario is currently in the process of implementing each of the recommendations identified in the 2011 User Registry Physical PIA.
Last Updated: March 11, 2026