GRH hosts the Cerner system for this partnership. Under s.10(4) of the Personal Health Information Protection Act (PHIPA) and ss.6(3) of Regulation 329/04 made under PHIPA, a person who provides services to two or more health information custodians to use electronic means to disclose personal health information to one another is a health information network provider (HINP).

We understand the importance of ensuring the privacy and security of your personal health information and have developed a HINP privacy policy that describes the standards used to protect this information.

Our responsibilities include:

  • Managing changes in roles and responsibilities as they pertain to PHIPA and establishing appropriate agreements
  • Assessing the privacy and security of the information system to help ensure that it protects personal health information
  • Appointing one or more individuals who will be responsible for the privacy and security of the personal health information in the shared system
  • Establishing logging, auditing and monitoring policies and procedures, including the communication of these controls to the participants
  • Providing incident and breach management support to the participants by informing the parties in the event of a Privacy Breach or unauthorized access
  • Making plain language safeguards available to both the public and participating organizations
  • Completing a Privacy Impact Assessment (PIA) and Threat/Risk Assessment (TRA)

For more information about our information privacy practices, please contact the Information Privacy & Security Office at 519-749-4300 ext. 4275 or email