Statement of Information Practices for Client Health and Related Information System (CHRIS)

Ontario Health’s mandate is set out in the Connecting Care Act, 2019. It includes implementation of health system strategies developed by the Ministry of Health, through various information technology and data management services. These services include the Client Health and Related Information System (CHRIS).

Commitment to Privacy

We are committed to respecting personal privacy, safeguarding confidential information and ensuring the security of the personal health information (PHI) in our custody. Our commitment is demonstrated through our robust Privacy Program.

This Statement of Information Practices explains how Ontario Health and health organizations participating in CHRIS manage and handle PHI in compliance with privacy laws and industry best practices. The practices outlined in this statement are based on the 10 Fair Information Principles of the Canadian Standards Association’s Model Code for the Protection of Personal Information and applicable Ontario privacy legislation.

What is CHRIS?

CHRIS is a provincial web-based platform that we operate to support the delivery of home and community care as well as long-term care placement for Ontario patients. The CHRIS platform contains several digital applications that health organizations can use to coordinate and plan patient care. These include:

  • Referral Management stores patient referrals received through various channels into a single intake stream that prioritizes and standardizes the referrals.
  • Intake and Eligibility Management helps streamline the triage and intake processes by providing access to current assessment tools (for example, the Resident Assessment Instrument [RAI]) that help determine patient eligibility for home and community care programs.
  • Equipment and Supply Ordering and Oversight helps CHRIS users order, track and invoice equipment suppliers.
  • Waitlist Management for Long-Term Care Facilities helps care coordinators easily add patients to waitlists for long-term care homes in Ontario and track their position in line.
  • Coordinated Care Plan enables care planning among health organizations involved in the care of the same patient.
  • Health Partner Gateway enables secure communication of PHI for the purpose of providing or assisting in the provision of healthcare of patients. Health Partner Gateway supports notifications and referrals among providers.

CHRIS is used by health organizations classified under the Personal Health Information Protection Act, 2004 (PHIPA) as Health Information Custodians (HICs). Each HIC organization that participates in CHRIS is known as a CHRIS Tenant and can contribute patient information to:

  • A tenant specific CHRIS repository, which is only accessible to each individual CHRIS Tenant. This tenant specific CHRIS repository is used by each CHRIS Tenant to store and manage information that is only of use to that Tenant, such as plans, orders and invoices for patient services delivered by contracted health service providers.
  • A shared CHRIS repository containing PHI useful to any CHRIS Tenant that provides care or helps provide care to a patient. This repository can be accessed by any CHRIS Tenant in the course of care. It includes demographic information needed to correctly identify a patient, and summary clinical and planning information needed for continuity of care.

CHRIS Roles Under PHIPA

We are subject to the Ontario Personal Health Information Protection Act, 2004 (PHIPA) when managing the CHRIS electronic platform and related services for CHRIS Tenants. We operate under the following roles when handling PHI for CHRIS Tenants:

Health Information Network Provider (HINP)

A HINP provides the electronic means for the exchange of PHI among a group of HICs.

As a HINP, we provide and manage the CHRIS technical platform for the shared CHRIS repository. The platform allows CHRIS Tenants (that is, HICs) to securely exchange PHI with one another. We are required to adhere to certain responsibilities as a HINP under PHIPA, including the responsibility to protect the PHI we handle and the privacy of the individuals to whom the PHI relates. Similarly, each participating CHRIS Tenant is required to sign a participation agreement, recognizing its commitment as a HIC to protect the PHI it handles, and the privacy of the individuals to whom the PHI relates.

Electronic Service Provider (ESP)

An ESP supplies services to allow a HIC to use electronic means to collect, use, modify, disclose, retain or dispose of PHI.

Each CHRIS Tenant is provided with a tenant specific CHRIS repository. The patient data in each tenant specific CHRIS repository is exclusive to and only accessible by people authorized to act on behalf of that CHRIS Tenant. We manage each tenant specific CHRIS repository in our role as an ESP for the CHRIS Tenant. This role allows us to handle PHI only as permitted by each HIC acting as a CHRIS Tenant.

PHIPA Agent

We may also help individual CHRIS Tenants transfer PHI from CHRIS to a provincial partner or another authorized party (for example, for evaluation of health system performance or quality improvement initiatives). In such cases we facilitate the PHI transfer as a PHIPA Agent of the CHRIS Tenant. We act on behalf of, and with the authorization of, the specific CHRIS Tenant to fulfil a lawful purpose.

CHRIS Tenants and Authorized Users

CHRIS Tenants

The CHRIS electronic platform is only available to HIC Organizations that have satisfied Ontario Health’s assessments of their privacy and security readiness to participate in CHRIS. We do not onboard or directly contract with non-HIC Organizations for participation in CHRIS. The following HIC Organizations are currently CHRIS Tenants:

  • Home and Community Care Support Services sites
  • Some approved Ontario hospitals delivering bundled care programs in the community

Hospitals with bundled care programs provide health care services at their facility, but also provide specific health services for some patient groups in the patient’s home.

Note: While not CHRIS Tenants, Ontario Health Teams are anticipated to be approved by the Ontario Ministry of Health to participate in CHRIS.

Authorized Users

An authorized user of CHRIS is an individual or organization that is a PHIPA Agent of a CHRIS Tenant and is authorized by one or more CHRIS Tenants to access the PHI in CHRIS on their behalf and in connection with clearly defined responsibilities.

Individual Authorized Users are primarily those individuals who are employees or contingent resources of one or more CHRIS Tenants.

Authorized user organizations that are not HICs may only access the PHI in CHRIS under the authority of a HIC that is a CHRIS Tenant. The authorized user organization will have agreements in place with one or more CHRIS Tenants that stipulate when and why it may access PHI in CHRIS, along with its obligations for safeguarding of that PHI.

Accountability for PHI in CHRIS

Privacy Oversight

Ontario Health is responsible for ensuring the programs we manage follow PHIPA. Individuals at the highest levels of the organization are appointed to ensure there is proper oversight and day-to-day compliance with PHIPA, through a robust privacy program.

We have assembled a CHRIS Privacy Steering Committee to oversee matters related to patient privacy, safeguarding of PHI, dispute resolution and the program impact of changes to privacy laws and regulations. Membership for the committee will include:

  • Ontario Health privacy team members
  • appointees from both CHRIS Tenants and Ontario Health Teams
  • representatives from other community health institutions

Each CHRIS Tenant is responsible for providing Ontario Health with a single point of contact (a CHRIS Privacy Coordinator) for all privacy matters related to CHRIS. A CHRIS Privacy Coordinator may be a member of a tenant organization, or an authorized user representative for the CHRIS Tenant. The CHRIS Privacy Coordinator will have access to the PHI within the CHRIS shared platform and will take the lead on behalf of the CHRIS Tenant in ensuring the authorized user organizations comply with PHIPA and CHRIS policies designed to protect privacy.

Policies

Ontario Health has developed a set of privacy policies and procedures that govern the protocols applied to the CHRIS technology platform.

We have also developed a suite of privacy policies specific to HICs participating as members of CHRIS Tenants. The CHRIS policies outline the general privacy practices each CHRIS Tenant should have in place to ensure compliance with PHIPA, especially when coordinated action among CHRIS Tenants and/or with Ontario Health is required.

Agreements with HIC Organizations

Before CHRIS onboarding, each prospective CHRIS Tenant must sign a Master Data Sharing and Services Agreement and CHRIS Service Schedule. These documents outline the roles and responsibilities of Ontario Health, CHRIS Tenants and authorized users when participating in CHRIS.

Collection, Use, Disclosure and Retention of PHI in CHRIS

Collection of PHI

Ontario Health provides services to CHRIS Tenants so that they may use the CHRIS solution to collect, use and disclose patient data. In providing the CHRIS solution, we operate as a HINP and an ESP, as described in the PHIPA regulation.

In our roles as a HINP and ESP, we do not collect PHI from patients for our own purpose.

CHRIS Tenants collect PHI from patients to support the delivery of home and community health services. CHRIS Tenants may collect PHI either from the patient or from another CHRIS Tenant by using the shared CHRIS repository.

Use of PHI

The PHI in CHRIS is used by CHRIS Tenants and their authorized representatives for the purposes for which it was collected (for example, to plan and deliver community or home health services).

Ontario Health may use the PHI in CHRIS only as necessary to provide the HINP or ESP services, for example:

  • as required to maintain and operate the CHRIS systems
  • to conduct audits to verify that access to CHRIS PHI is authorized, limited and appropriate
  • to investigate a privacy incident or breach

Disclosure of PHI

Ontario Health does not disclose any PHI for our own purpose; however, we may disclose PHI on behalf of a CHRIS Tenant that has authorized the disclosure, or otherwise where permitted or required by law.

CHRIS Tenants use the CHRIS solution to disclose PHI to other CHRIS Tenants to plan and deliver community or home health services. If Ontario Health is acting as a PHIPA Agent for a CHRIS Tenant, we may disclose PHI on behalf of the CHRIS Tenant to an authorized representative or partner organization of that CHRIS Tenant.

CHRIS Tenants must ensure that all collections, uses and disclosures of PHI made through CHRIS are lawful and comply with the obligations of a HIC under PHIPA.

Retention of PHI

Timeframes for retention of PHI in CHRIS are controlled by the CHRIS Tenant that contributed the PHI.

Safeguards for the Protection of PHI in CHRIS

Ontario Health has physical, administrative and technical safeguards in place to protect PHI against loss, theft, unauthorized access, disclosure, copying, use or modification. Each Master Data Sharing Services Agreement in place with a CHRIS Tenant outlines the specific safeguards we apply to protect PHI in CHRIS. The following describes some of the safeguards we implement to protect PHI.

Physical Safeguards

  • Controls to secure physical premises, including controlled access to offices
  • Secondary level of access controls for some employee zones where sensitive data may reside
  • Appropriate identification for employees
  • Video surveillance for forensic purposes

Administrative Safeguards

  • Privacy policies that outline how Ontario Health and CHRIS Tenants will protect the PHI in CHRIS
  • User terms and conditions that outline an authorized user’s responsibilities for accessing and keeping data secure in CHRIS
  • Privacy and security training to reinforce protocols for the protection of PHI:
    • Ontario Health privacy and security training
    • CHRIS Tenants are required to comply with the CHRIS Privacy Training Policy
  • Privacy incident management practices to identify, contain, investigate and report on privacy incidents and breaches
    • If we receive an incident notification related to data in CHRIS, we will contact the privacy representative of the CHRIS Tenant that contributed the PHI at the first reasonable opportunity. Our representatives will follow the general protocols outlined in our Privacy Incident Management Policy and Procedure.
    • CHRIS Tenants must identify and address privacy incidents in compliance with the CHRIS Privacy Incident Management Policy.
  • Ontario Health will conduct privacy and security risk assessments to ensure privacy risks for the CHRIS platform are identified, mitigated and responsibly managed. Our representatives will follow the guidelines outlined in our Privacy Impact Assessment Standard and Privacy Risk Management Policy.

Technical Safeguards

  • Adoption of industry standards to ensure the security of PHI in CHRIS
  • Encryption applied to sensitive data in transmission
  • A logging, monitoring and auditing system to record when PHI is accessed or transferred
    • When conducting a CHRIS access audit, we will comply with our Privacy Audit and Compliance Policy.
    • CHRIS Tenants are required to conduct system audits for their authorized users, as described in the CHRIS Privacy Audit Policy.

Managing Consent in CHRIS

As a HIC, the CHRIS Tenant has the responsibility for obtaining and managing patient consent.

Each CHRIS Tenant that contributed PHI to CHRIS will determine the preferred consent method (express or implied) applied by that CHRIS Tenant. CHRIS Tenants must comply with a consent directive expressly given by the patient. The CHRIS technical platform provides mechanisms that may help a CHRIS Tenant document consent, implement a consent directive, or withdraw or withhold consent, as described in the CHRIS Consent Management Policy.

Accessing or Correcting PHI in CHRIS

If Ontario Health receives a request for access or a request for correction of PHI in a patient record stored in CHRIS, we will forward that request to the contributing CHRIS Tenant at the first reasonable opportunity.

All requests from patients to access their PHI should be sent to and fulfilled by the CHRIS Tenant that contributed the PHI. If a patient is requesting the correction of their PHI in CHRIS, the request should be made to and fulfilled by the CHRIS Tenant that contributed the PHI.

CHRIS Tenants are required to manage access and correction requests in CHRIS, in accordance with the CHRIS Access and Correction Policy and their obligations as HICs under PHIPA.

CHRIS Privacy Contact Information

If you have questions about CHRIS privacy or Ontario Health privacy practices for the CHRIS platform, or if you have concerns about a CHRIS Tenant, please contact us by mail or email.

Chief Privacy Officer
Legal, Privacy, Risk Department
Ontario Health
500 – 525 University Avenue
Toronto, ON M5G 2L7

Email: privacy@ontariohealth.ca

You also have the right to submit a concern or complaint about CHRIS information practices to the Ontario Privacy Commissioner.

Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, ON M4W 1A8

Phone: 416-326-3333 or 1-800-387-0073
TDD/TTY: 416-325-7539
Email: info@ipc.on.ca

Last Updated: August 24, 2023