The ClinicalConnect Portal is the tool by which certain health care providers (Participants), each of which is a health information custodian under the Personal Health Information Protection Act, 2004 (PHIPA), have agreed to provide access to patient personal health information under their care and control to other Participants and their
agents who have been registered as Authorized
Users of the Portal.
- Access is available to hospitals, healthcare facilities and providers involved in the “circle of care” for a patient
- Privacy and security policies and controls, procedures, training programs serve to protect patient information
- All access is tracked and logged with ongoing auditing managed by Privacy Contacts
- ClinicalConnect Privacy Contacts and Privacy Committee span all LHINs with Participants
- ClinicalConnect data is securely encrypted
- A combination of industry standards for authentication, authorized and auditing safeguard data
- A third-party security company determined ClinicalConnect has the appropriate security controls in place to safeguard privacy of patient information
Please read the ClinicalConnect User Agreement for complete details about accessing ClinicalConnect.
Privacy and Security Steps – Protecting Personal Health Information
All personal health information collected, used and disclosed via ClinicalConnect is subjected to the Personal Health Information Protection Act, 2004 (PHIPA). PHIPA establishes the legal privacy roles and responsibilities for each organization participating in the use of ClinicalConnect. Each participating hospital is required by PHIPA to have privacy and security policies, procedures and training programs in place. These existing statutory-based controls also serve to protect patient information accessed via ClinicalConnect.
The steps taken to manage privacy and security include:
- Signing of Participation Agreements
- Project Due Diligence via Privacy Impact Assessments and Threat Risk Assessments
- Completion of Privacy & Security Self-Assessments by each Participant which is assessed by the ClinicalConnect Privacy Advisory Committee, and examines an organization’s:
- Privacy Breach Management and Auditing
- Service Level Agreements and Confidentiality Agreements
- Ongoing Communication and Education & Training
- End users agree to set User Terms and Conditions on an annual basis