GRH hosts the Cerner system for this partnership. Under s.10(4) of the Personal Health Information Protection Act (PHIPA) and ss.6(3) of Regulation 329/04 made under PHIPA, a person who provides services to two or more health information custodians to use electronic means to disclose personal health information to one another is a health information network provider (HINP).
Our responsibilities include:
- Managing changes in roles and responsibilities as they pertain to PHIPA and establishing appropriate agreements
- Assessing the privacy and security of the information system to help ensure that it protects personal health information
- Appointing one or more individuals who will be responsible for the privacy and security of the personal health information in the shared system
- Establishing logging, auditing and monitoring policies and procedures, including the communication of these controls to the participants
- Providing incident and breach management support to the participants by informing the parties in the event of a Privacy Breach or unauthorized access
- Making plain language safeguards available to both the public and participating organizations
- Completing a Privacy Impact Assessment (PIA) and Threat/Risk Assessment (TRA)
For more information about our information privacy practices, please contact the Information Privacy & Security Office at 519-749-4300 ext. 4275 or email firstname.lastname@example.org.