Ontario Health (Cancer Care Ontario) Privacy

Description of Services: Ontario Health provides the Diagnostic Assessment Program – Electronic Pathway Solution (DAP-EPS), a navigational web-based tool, for the purposes of connecting referring physicians, primary care providers, patients, staff at DAP facilities and specialists that are part of the patient’s DAP Team, in order to facilitate the communication of information to patients and their designated caregivers, and providing patients and health information custodians with a centralized view of the information relating to the patients’ cancer diagnosis.

Source:

• Referring Physicians
• Primary Care Providers
• Patients
• DAP Facilities
• Specialists
• Designated Health Care Providers

Description of Services: Ontario Health provides the eClaims solution for the purposes of operating Ontario Health’s Provincial Drug Reimbursement Programs (PDRP). The PDRP is the provinces operational unit responsible for administering cancer drug funding to hospitals. The solution offers a web-based portal or interfaces with existing hospital systems, enabling clinicians (pharmacists and physicians) to access and track patient’s historical treatment records, including ones submitted by other treatment facilities, and submit treatment orders. Additionally, it is used by Ontario Health adjudicators and hospital users for drug claims reimbursement and the adjudication of drug eligibility.

Source:

• Treatment Facilities
• Physicians
• Pharmacists

Description of Services:
Cancer Related Patient Reported Outcomes (PROs): Facilitate the exchange of cancer related PROs between participating ISAAC sites for the purpose of improving symptom screening and assessment, symptom control and access to coordinated palliative support for cancer patients.

Hip and Knee Surgery PROs: Facilitate the exchange of Hip and Knee Surgery PROs between orthopedic clinics and assessment centres. PHI is required to support local quality improvement and research initiatives, and the evaluation of the appropriateness and effectiveness of surgical interventions.

Source:

• Participating ISAAC sites
• Participating Orthopedic clinics and assessment centres

Description of Services: Ontario Health provides the Ontario Renal Reporting Systems (ORRS) web application to Ontario healthcare facilities that treat patients with chronic kidney disease for the purposes of connecting these facilities when a patient transfers from one site to another. ORRS allows the new or Transferring-In Site to determine if a patient has previously been treated at a different Site (the Transferring-Out Site) and, if so, access certain PHI related to the treatment that the patient received in the past. This facilitates the care and treatment by the Transferring-In Site by, for example, avoiding duplicate testing and the requirement for the patient to repeat their health history to their new healthcare providers.

Source:

• Transferring-In sites
• Transferring-Out sites

Description of Services: Ontario Health provides the PET Scans Ontario web application to physicians and PET Centre’s for the purposes of supporting the activities of the uninsured program domains (PET Registry, PET Clinical Trials and the PET Access Program) and insured PET scan services under the EB-PET Program. The PET Scans Ontario web application provides the ability for physicians, through the use of web-based forms, to request PET scans for their patients and the ability for PET centres, through the use of web-based forms, to submit results from PET scans performed at their institutions. Health Information Custodians, authorized users, are required to accept the terms of use prior to being authorized to use the web application.

Source:

• Referring physicians
• PET Centres

As required by the Information and Privacy Commissioner of Ontario and by the Ontario Health (Cancer Care Ontario) Privacy Policy, a Privacy Impact Assessment (PIA) was completed for the Sandy Lake Screening Activity Report (SAR) Pilot Project, which took place in 2013.

The following is a summary of the PIA, and includes background on the Sandy Lake SAR and key findings of the PIA. The summary also outlines Ontario Health's progress in implementing the recommendations contained in the PIA.

Background

The Aboriginal Cancer Control Unit (ACCU) implemented the Sandy Lake SAR Pilot to encourage Sandy Lake residents to get screened for colorectal cancer. Ontario Health shared personal health information (PHI) about the residents, namely information about their colorectal cancer screening status, with nurses and physicians at the Sandy Lake Nursing Station via the Sandy Lake SAR.

Prior to disclosing the SAR, Ontario Health provided a Privacy Notice to Sandy Lake residents that permitted them to “opt out” or decline to have their information included in the SAR. The Privacy Notice was posted at the Nursing Station and Band Office, and distributed through other reliable channels such as radio and a local bulletin.

The “opt out” period lasted for two weeks (deemed acceptable by Chief and Council), and privacy training was provided to the physicians and nurses who handle Sandy Lake residents’ personal information (PI) and PHI. At the conclusion of the opt-out period, a list of Sandy Lake residents who did not wish to be contacted about the SAR was provided to Ontario Health, and the SAR was disclosed to the physicians and nurses at the Nursing Station without the information pertaining to these residents.

Privacy Impact Assessment

Ontario Health had the legislative authority to use PHI to develop the Sandy Lake SAR in its capacity as a prescribed registry (PR). Pursuant to s. 49(1)(a) of PHIPA, CCO acting as a PR was permitted to use the PHI for the purposes for which Ontario Health was authorized to collect the data, i.e., for the purpose of facilitating or improving the provision of health care, consistent with s. 39(1)(c) of PHIPA.

In the alternative, Ontario Health had the authority to use the PHI in its capacity as an institution under the Freedom of Information and Protection of Privacy Act (FIPPA). Pursuant to ss. 41(1)(b) of FIPPA, Ontario Health acting as an institution was permitted to use the PHI for the purpose for which the PHI was obtained or compiled, i.e., for facilitating and improving the provision of health care, consistent with s. 39(1)(c) of PHIPA.

Similarly, Ontario Health had the legislative authority to disclose PHI in the Sandy Lake SAR to physicians and nurses in its capacity as a PR. Pursuant to s. 49(1)(a) of PHIPA, Ontario Health acting as a PR was permitted to disclose the PHI for the purposes for which Ontario Health was authorized to collect the data. In the alternative, Ontario Health had the authority to disclose the

PHI as an institution under FIPPA. Pursuant to ss. 42(1)(c) of FIPPA, Ontario Health acting as an institution was allowed to disclose the PHI for the purpose for which it was obtained or compiled.

Further to the above, the PIA identified 5 privacy risks and proposed certain recommendations for each:

• There was a risk of Ontario Health using PHI in an unauthorized manner. Certain operational processes were carried out to mitigate this risk. For example, Ontario Health Representatives received the Sandy Lake Resident List in accordance with Ontario Health's In-Person Transfer of Personal Health Information Procedure, signed a Statement of Confidentiality for the data, and took privacy and security training.
• There was a risk of Ontario Health disclosing PHI in a manner that was inconsistent with the federal Privacy Act, which also governed the disclosure. Because the nurses at the Sandy Lake Nursing Station were employees of Health Canada, it was decided that the requirements of the federal Privacy Act needed to be incorporated into the Privacy Notice and SAR Disclosure Agreement. This risk was resolved, as the ACCU ultimately disclosed the SAR only to physicians.
• There was a risk of Ontario Health disclosing PHI in an unauthorized manner. A Privacy Notice advising of the Sandy Lake SAR was disseminated via radio advertisement and posted in a public space at the Sandy Lake Nursing station for 2 weeks.
• There was a risk of Ontario Health disclosing PHI without a contractual framework in place. Ontario Health's Legal Office drafted a SAR Disclosure Agreement for physicians to sign.
• There was a risk of insecure transfer of PHI. The ACCU documented the process by which the SAR was sent and accessed electronically at the Sandy Lake Nursing Station using secure managed file transfer (Tumbleweed). Ontario Health's Information Security Office approved the transfer, and training was provided to users.

Privacy Impact Assessment Recommendations

There are no risks identified in the PIA that are still outstanding.

Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3
Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Tel: 416-217-1816

As required by the Information and Privacy Commissioner of Ontario and by Ontario Health's Privacy Policy, a Privacy Impact Assessment (PIA) Addendum was completed for the Ontario Health Ontario Breast Screening Program (OBSP) Correspondence Phase II initiative.

The following is a summary of the PIA Addendum and includes background on the OBSP Correspondence Phase II. The summary also notes Ontario Health’s progress in implementing the recommendations contained in the PIA addendum.

Background

The purpose of the OBSP is to decrease mortality from breast cancer by increasing the number of women getting screened regularly and receiving appropriate follow-up so that cancers are diagnosed early when treatment is more successful. The objective of OBSP Correspondence Phase II is to send the following types of breast cancer screening correspondence to eligible participants in Ontario: invitation-reminders, recalls, recall-reminders and normal results. The OBSP correspondence includes personal health information (PHI) that Ontario Health has collected from OBSP health care providers.

Privacy Impact Assessment

This PIA Addendum concludes that Ontario Health has the authority to carry out the operations of OBSP Correspondence Phase II as a Prescribed Person pursuant to the Ontario Personal Health Information Protection Act, 2004 (PHIPA) and its regulation (O. Reg. 329/04) and, as an alternative authority, the Ontario Freedom of Information and Protection of Privacy Act (FIPPA).

This PIA Addendum identifies 10 privacy risks and recommends certain actions be taken by Ontario Health to manage these risks. The outstanding risks and related recommendations are summarized in Part III of the PIA Addendum. Privacy Impact Assessment Recommendations

Privacy Impact Assessment Recommendations

In summary, the following are recommendations from the OBSP Correspondence Phase II PIA Addendum:

• Ontario Health must identify and document the data elements which are reasonably necessary for its operation of the OBSP as a Prescribed Person.
• Ontario Health should ensure that the PHI data elements that have been identified as necessary for the operation of the OBSP as a Prescribed Person, are managed by Ontario Health in a distinct and separate data holding.
• Ontario Health has executed agreements with hospitals that identify the PHI that Ontario Health is collected as a Prescribed Person for the operation of the OBSP. Ontario Health should update the list of data elements to include those elements that have been identified as necessary for the operation of the OBSP Correspondence.

Ontario Health is currently in the process of implementing the recommendations made in OBSP Correspondence Phase II PIA Addendum.

Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3
Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Tel: 416-217-1816

As required by the Information and Privacy Commissioner of Ontario and by Ontario Health (Cancer Care Ontario) Privacy Policy, a Privacy Impact Assessment (PIA) was completed for the Ontario Breast Screening Program (OBSP).

The following is a summary of the PIA and includes background on the OBSP. The summary also notes Ontario Health’s progress in implementing the recommendations contained in the PIA.

Background

The OBSP is a province-wide, organized breast screening program that provides high-quality breast cancer screening to eligible women. The purpose of the OBSP is to decrease mortality from breast cancer by increasing the number of women getting screened regularly and receiving appropriate follow-up so that cancers are diagnosed early when treatment is more successful.

Ontario Health manages the OBSP and its related Integrated Client Management System (ICMS). The ICMS is an information management system used not only to provide statistical information on screening and assessment indicators but also to support front line administration and management of the OBSP. This means that the ICMS includes personal health information (PHI) required for both program administration (e.g. client registration and payments) and program management (e.g. statistical analysis and evaluation). The OBSP also allows Ontario Health more direct engagement with patients in providing breast cancer screening services (e.g. the sending of invitations for cancer screening).

Privacy Impact Assessment

In general, this PIA concludes that Ontario Health has the authority to collect, use and disclose PHI for the operation of the OBSP as a prescribed person pursuant to ss. 39(1)(c), 39 (4) and 49(1) of the Personal Health Information and Protection Act, 2004 (PHIPA), or, in the alternative with respect to use and disclosure of PHI, ss.41(1)(b) and 42(1)(c) and (d) of the Freedom of Information and Protection of Privacy Act (FIPPA).

This assessment also concludes that in providing services to allow OBSP health care providers, or health information custodians (HICs) to use electronic means to collect, use and disclose PHI, Ontario Health also operates the OBSP as a health information network provider (HINP). These services are delivered through the ICMS.

This PIA Addendum identifies 46 privacy risks and recommends 43 mitigating actions be taken by Ontario Health to manage these risks. The outstanding risks and related recommendations are summarized in Part IV of the PIA. Privacy Impact Assessment Recommendations

In summary, the PIA identified some privacy controls that should be enhanced to support the Program, including the following key recommendations:

• A retention schedule for OBSP PHI should be operationalized;
• The ability to print off outstanding cases when generating invoices per OBSP should be eliminated from the ICMS functionality;
• Ontario Health should consider de-identifying the PHI of OBSP Clients and non-OBSP Clients where the purposes for the use of ICMS data does not require that the identity of a specific woman be known;
• Ontario Health should review the publically available information and communications provided to OBSP sites so clients are made aware of the collection, use and disclosure of their PHI as well the consent management process;
• Ontario Health should enhance the features of the ICMS consent management system and the OBSP consent directive process;
• The Genetic Release Form at the Genetic Clinics should be discontinued;
• Ontario Health should enhance the ICMS access controls; and
• Ontario Health's agreement with the Regional Cancer Centres (RCCs) should be amended to identify that the RCCs are functioning as an agent of Ontario Health for the purpose of data management activities.

Ontario Health is currently in the process of implementing the recommendations made in OBSP PIA.

Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3
Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Tel: 416-217-1816

As required by the Information and Privacy Commissioner of Ontario and by the Ontario Health (Cancer Care Ontario) Privacy Policy, a Privacy Impact Assessment (PIA) Addendum was completed for the Specialized Services Oversight Information System (SSO IS) Interventional Radiology initiative.

The following is a summary of the PIA Addendum and includes background on the SSO IS Interventional Radiology initiative and key findings of the PIA Addendum. The summary also notes Ontario Health's progress in implementing the recommendations contained in the PIA Addendum.

Background

The SSO IS is used by hospitals as a secure method to submit patient information, including personal health information (PHI) to Ontario Health with respect to specialized cancer services. Ontario Health uses this information for reporting and analytical purposes, including program development, planning, volume funding and performance management. These activities help Ontario Health to ensure Ontarians have appropriate access to specialized cancer services.

Currently, Ontario Health collects PHI through SSO-IS on 6 specialized cancer services. Through this initiative, the scope of SSO-IS will expand to collect new PHI, which is related to an additional specialized cancer service, interventional radiology. The new PHI to be collected under this initiative is necessary for Ontario Health to understand service demand, requirements of high quality service delivery, and availability/distribution of resources to formulate appropriate recommendations and monitor performance of interventional radiology services.

Privacy Impact Assessment

As described in detail in the SSO PIA, Ontario Health maintains the authority as a prescribed entity to collect PHI from health information custodians (HICs) pursuant to section (s.) 18(1) of Ontario Regulation (O. Reg.) 329/04 of the Personal Health Information Protection Act (PHIPA). As a prescribed entity, Ontario Health may collect and use this PHI for the purposes of s. 45 of PHIPA, which relates to health system planning and management. The SSO IS Interventional Radiology PIA Addendum concluded that Ontario Health is collecting and using interventional radiology PHI, in Ontario Health’s role as a prescribed entity.

The PIA addendum identifies one risk related to the privacy review of any anticipated linkages of interventional radiology PHI with other data holdings that are under the custody and control of Ontario Health. This risk is described in the Privacy Analysis of the Collection, Use and Disclosure section of the SSO IS Interventional Radiology PIA Addendum.

Privacy Impact Assessment Recommendations

In summary, the SSO IS Interventional Radiology PIA Addendum recommends that a privacy review be conducted on the anticipated linkages of interventional radiology PHI with other Ontario Health data holdings, prior to the linkages occurring. This recommendation has since been implemented and there are no outstanding recommendations from the SSO IS Interventional Radiology PIA Addendum.

Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3
Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Tel: 416-217-1816

Background

As required by the Personal Health Information and Protection Act (PHIPA) and by the Ontario Health (Cancer Care Ontario) Privacy Policy, PIAs were completed for the Interactive Symptom Assessment and Collection (ISAAC) Application.

This document provides is a summary of PIAs conducted on the ISAAC solution. This PIA summary includes background on the ISAAC Application and also notes Ontario Health's progress in implementing the recommendations contained in the PIA addendum.

Privacy Impact Assessment

This PIAs concluded that Ontario Health has the authority to carry out the operations of the ISAAC Application as a Health Information Network Provider (HINP) pursuant section 6(2) of O.Reg. 329/04 and may collect and use the personal health information in ISAAC Replication Database as a Prescribed Entity pursuant to section 45 of PHIPA. In addition, Ontario Health is an Electronic Service Provider (ESP) pursuant to section 6(1) of O.Reg. 329/04 and section 10(4) of PHIPA with respect ePREM services it provides to ISAAC sites through its third party service provider NRC Health. Lastly, Ontario Health is a PHIPA Agent pursuant to section 17 of PHIPA with respect to consent management (fulfilling patient request to no longer participate in ISAAC); Fulfilling individual access request; and Request related to corrections.

The ISAAC Application captures information on the patients’ symptoms and functional status using various selfassessment tools such as PROMs. Self-assessment information may be entered directly by a patient into an ISAAC kiosk at an ISAAC Site or using personal devices such as home computers through a secure website, through TeleISAAC (though Tele-ISAAC functionality is currently not in use) or recorded on paper and subsequently entered into the ISAAC Application by health care providers. Functional status scores may also be entered into the ISAAC application by clinicians/administrators. Updates to scores may be performed manually by health care workers or ISAAC Site staff using the ISAAC Application.

The ISAAC Application enables the systematic collection PROMs from patient populations at participating sites for a variety of purposes, including the support of local quality improvement and research initiatives, and the evaluation of the appropriateness and effectiveness of surgical interventions.

ISAAC is integrated with Admission Discharge Transfer (ADT) which has helped automated the patient enrolment as well as updates to patient demographic information. The automation will

occur through the integration of the hospital’s Health Information System (HIS) or Electronic Medical Record (EMR) through the HL7 message. HL7 integration with ISAAC has enabled bi-directional and ini-directional data transfers between ISAAC and the ISAAC site’s HIS or EMR.

This PIA summary identifies several privacy risks and recommends certain actions be taken by Ontario Health to manage these risks. The recommendations are summarized in below. Privacy Impact Assessment Recommendations

Ontario Health has implemented all of the recommendations from the following PIAs:

• Patient Reported Outcomes – EPIC Prostate Cancer Pilot Project Privacy Impact Assessment (Updated October 31, 2014 re: Implementation of Recommendations), version 1.0;
• Interactive Symptom Assessment and Collection (ISAAC) Addendum to the 2010 Provincial Palliative Care Integration (PPCIP) Privacy Impact Assessment Report, Admission, Discharge and Transfer(ADT) Integration, version 0.5, November 3, 2014;
• Interactive Symptom Assessment and Collection (ISAAC) Addendum to the 2007 Provincial Palliative Care Integration (PPCIP) Privacy Impact Assessment Report, version 1.1, August 10, 2010;
• Interactive Symptom Assessment and Collection (ISAAC) Addendum to the 2007 Provincial Palliative Care Integration (PPCIP) Privacy Impact Assessment Report, version 1.3, November 2009; and
• Provincial Palliative Care Integration Project Privacy Impact Assessment Report, version 4, January 12, 2007

Ontario Health is currently in the process of implementing the recommendations made in the following PIAs:

• Expanded ISAAC Application Functionality Privacy Impact Assessment Addendum, version 1.4, August 23, 2019;
• Interactive Symptom Assessmenty and Collection (ISAAC) Application eClaims Integration Conceptual PIA, version 1.0, August 27, 2019; and
• Hip and Knees PROs in ISAAC Privacy Impact Assessment Addendum, version 1.6, March 2, 2018

The following is a summary of the recommendations currently in the process of being implemented:

• Agreements should be updated and executed with the relevant stakeholders to ensure roles and responsibilities of the parties are more clearly set out and to protect against unauthorized collection, use and disclosure of personal information and personal health information (PI/PHI);
• In the context of enhancements that will be made to ISAAC that will allow patient’s access their own ISAAC data, additional safeguards should be implemented with respect to login; and
• ISAAC procedural documents and FAQs to be updated.

In addition, Ontario Health has put in place a documented procedure for removing patients from ISAAC production database in the event that they no longer wish to participate. Removing the patient from ISAAC will make their information inaccessible to the ISAAC sites. Ontario Health is also logging all access to ISAAC data including (but not limited to) the following:

• User who accessed the ISAAC data;
• Date and time of access;
• What was accessed; and
• The hospital associated with patient/provider access ISAAC data.

The following security assessments have been completed on ISAAC:

• Cancer Care Ontario ISAAC Threat Risk Assessment (TRA) (Project 1), June 2010, Final Report;
• Interactive Symptom Assessment & Collection (ISAAC) 2.0 Solution Threat Risk Assessment (TRA), May 2013, Final; and
• Addendum to the ISAAC Threat & Risk Assessment (TRA), November 18, 2014, version 1.2

Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3
Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Tel: 416-217-1816

As required by Ontario Health's Privacy Policy, a Privacy Impact Assessment (PIA) was completed on the Electronic Canadian Triage and Acuity Scale (eCTAS) initiative in August 2016.

The following is a summary of the PIA and includes a background on the eCTAS initiative and the key findings of the PIA. The summary also notes outstanding risks as identified in the PIA.

Background

Ontario Health (Cancer Care Ontario) Access to Care (ATC) program is leading the eCTAS initiative at Ontario Health. ATC has been tasked by the Ministry of Health and Long-Term Care (MOHLTC) with developing an electronic, intelligent Canadian Triage and Acuity Scale (CTAS) system to support Emergency Department (ED) triage in Ontario. The CTAS Guideline was developed in 1995 to enable ED nurses and physicians to:

• triage patients according to the type and severity of their presenting signs and symptoms;
• ensure that the sickest patients are seen first when ED capacity has been exceeded due to visit rates or reduced access to other services; and
• ensure that a patient's need for care is reassessed while in the ED.

The use of the CTAS Guideline is an Accreditation Canada “Required Organizational Practice” in all Canadian EDs. The CTAS triage level assigned to each ED patient is also a mandatory data element for reporting to the Canadian Institute for Health Information (CIHI).

The eCTAS initiative includes the following overall goals:

1. to develop an eCTAS system that supports triage nurses to assess and prioritize patients requiring urgent care in a standardized manner according to the CTAS guidelines;
2. to deliver a solution to hospitals so that eCTAS is highly available and accessible to ED sites over the Internet;
3. to ensure that the solution is available to participating hospitals in Ontario;
4. to establish a provincial database of clinical triage data to enable reporting and quality monitoring of triage assessments sourced from a provincial repository, as well as the sharing of patient visit information across EDs to support triage nurses with patient assessments;
5. to ensure triage performed electronically is responsive and efficient for nurses; and
6. to support multiple triage workflows and promote interoperability with various health information systems.

For Phase 1 & 2 of the project, approximately 110 hospitals will participate in the implementation and testing of eCTAS models.

Although there are three integration options available to participating hospitals, the PIA considered only the Web Application option since it will involve the greatest number of collections, uses and disclosure of data. The other two integration options, Web Service and Certification Site, will only involve some of the collections, uses and disclosures of data described in the PIA.

There are three parts to the data flow for the Web Application option. All data in each of these three parts is stored in Canada via Microsoft’s Azure service.

• In Part 1 (Previous ED Visit - Patient Search), a triage nurse will upload patient personal health information (PHI) to the eCTAS system in real-time. The uploaded PHI will be used as an automated search query to identify patient triage record summaries in the eCTAS database from the previous 10 days (i.e., recent visits by the patient to any participating hospital ED). If there is a complete match, those records of previous ER visits will be available through an alert for review by the triage nurse. The triage nurse can then consider those recent ED visits when generating a CTAS score for the current ED visit.
• In Part 2 (CTAS Score), the triage nurse enters additional patient PHI into the eCTAS application in real-time to document the clinical assessment, and to determine a CTAS score. The hospital’s information systems captures that PHI and the resulting CTAS score. CCO retains that PHI (including the resulting CTAS score) in the form of a patient triage record summary and stores it in the eCTAS database. Following its creation, that triage record summary will be accessible via the eCTAS database to the ED that created it.
• In Part 3 (eCTAS Reporting), the patient triage records captured in Part 2, together with the CTAS scores, are stored in the eCTAS database for ongoing use by CCO in generating aggregate reports for the MOHLTC and other stakeholders. These reports do not contain PHI.

Privacy Impact Assessment

The PIA concludes that Ontario Health has two main roles in the collection, use and disclosure of PHI as part of the eCTAS initiative:

1. “Service Provider / Health Information Network Provider (HINP) Role” – in providing PHI-related services to participating hospitals; and
2. “Prescribed Entity Role” – in collecting patient triage record summaries for the purposes of health system planning and resource allocation.

Ontario Health’s authority for these roles is found in agreements between the MOHLTC and Ontario Health; in the Personal Health Information Protection Act, 2004 (PHIPA); and in agreements between Ontario Health and participating hospitals.

• “Service Provider / HINP Role” – Ontario Health’s authority is derived from a Memorandum of Understanding (2009) between CCO and the MOHLTC and supplemented by an Accountability Agreement (2014-2017) between CCO and the MOHLTC; a Master Data Sharing Agreement (MDSA) with all participating hospitals; and the provider / HINP requirements under subsection 10(4) of PHIPA and section 6 of the Regulation to PHIPA.
• “Prescribed Entity Role” – CCO has authority as a prescribed entity under section 45 of PHIPA.

Implementation and Privacy Impact Assessment Recommendations

In summary, the following risks have been identified by the PIA and are currently being mitigated.

• Ontario Health has not developed a plain language description of the HINP-related services that meets PHIPA’s HINP requirements. Such a description must be provided to participating hospitals and made available to the public.
• Ontario Health has not developed a process for making audit logs available to participating hospitals upon request. Audit logs capture information related to:
  • the individuals who have accessed a hospital’s triage record summaries, including time and date of access;
  • who initiated a disclosure of that hospital’s patient triage record summaries to another participating hospital (e.g., the user at the hospital that conducted the search for recent ED visits);
  • what hospital received a copy of the patient triage record summaries; and
  • the date and time of the disclosure.
• Ontario Health’s public disclosure channels may not discuss or address the eCTAS initiative. This may result in complaints or challenges as to Ontario Health’s openness in its handling of PHI.

Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3
Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Tel: 416-217-1816

As required by the Information and Privacy Commissioner / Ontario and Ontario Health's (Cancer Care Ontario) Privacy Policy, Ontario Health completed a Privacy Impact Assessment (PIA) on Ontario Health’s NDFP e-claims Solution Project in June 2012.

The 2012 NDFP e-claims Solution Project PIA found that Ontario Health has the authority to operate the program pursuant to the Personal Health Information Protection Act, 2004 (PHIPA). Specifically, the services of the e-claims solution application are provided to the Health Information Custodians (HICs) participating in the NDFP by CCO in its role as a Health Information Network Provider (HINP) and as an agent to the HIC. Additionally, Ontario Health has the authority to continue to operate the NDFP as a prescribed entity.

The following is a summary of the PIA, including a brief background on the NDFP, the motivation for e-claims, a summary of key findings, and Ontario Health’s progress in implementing recommendations as identified in the PIA.

Background

At Ontario Health, the NDFP is one of three reimbursement programs under the Provincial Drug Reimbursement Program (PDRP). The NDFP provides a mechanism for reimbursing regional cancer centres and hospitals for cancer drugs. MOHLTC created the program to provide patients with equal access to injectable cancer drugs that are administered by hospitals.

Over time, it was clear that the NDFP’s processes and resources did not adequately meet the escalating demands of the increased volume of newly funded medications and the patients requiring them. Ontario Health initiated the NDFP e-claims Solution Project to improve NDFP performance and to attain the goal of managing cancer drug claims more efficiently.

Privacy Analysis

The PIA concludes that Ontario Health has the PHIPA authority to provide the services of the e-claims solution application to hospitals participating in the NDFP in order to enableclinicians (pharmacists and physicians) to have access to their patient’s historical treatment records retained within the NDFP database submitted by other treatment facilities (HICs). Ontario Health has this authority as a “health information network provider” and as an agent to the HICs pursuant to subsection 6(2) of PHIPA. In addition, Ontario Health has the authority to continue to operate the NDFP as a section 45 prescribed entity.

Privacy Impact Assessment Recommendations

The following summary identifies the PIA recommendations:

1. The program should ensure that Ontario Health executes License Agreements with hospitals prior to granting access to the e-claims application. The following additional provisions should be included in the Terms of Use for the eclaims application and the License Agreement between Ontario Health and the hospitals: identifying that all participating hospitals agree to and provide Ontario Health the direction to make a patient’s treatment history available to the clinician(s) subsequently providing care and request reimbursement through the NDFP for the same patient; that the application must restrict access only to the clinicians with a patient’s circle of care; and that Ontario Health will act as the agent for the hospitals in their provision of the services of the eclaims application. These recommendations have been implemented.
2. The program should provide notice to the public through public disclosure channels in consultation with Ontario Health’s Privacy Office as to the intended disclosure of a patient’s NDFP treatment history to hospitals requesting reimbursement through the NDFP. This recommendation has been implemented.
3. Ontario Health should clarify FIPPA’s applicability to Ontario Health through an amendment to PHIPA and/or its Regulation. Ontario Health has provided the Ministry of Health and Long-Term Care (MOHLTC) a formal submission.
4. NDFP should clarify with the MOHLTC its authority to request PHI related to the Exceptional Access Program (EAP) from Ontario Health. This recommendation has been implemented.

NDFP to advise the Privacy Office if and when new linkages occur between PHI in the NDFP Data Holding and existing Ontario Health data holdings and whether a permanent data holding will be created after any such linkages. On-going engagement of the Privacy Office as required.

Ontario Health’s Information Security Office to complete a security assessment on the eclaims application. A Technical Vulnerability Assessment (TVA) will be completed prior to the launch of the eclaims application. Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3
Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Telephone: 416-217-1816

As required by the Information and Privacy Commissioner of Ontario and by Ontario Health's Privacy Policy, Ontario Health (Cancer Care Ontario) commissioned a privacy impact assessment (PIA) on the Ontario Breast Screening Program’s (OBSP) Integrated Cancer Management System (ICMS). The flow of personal health information (PHI) as it traverses through ICMS and the business processes were documented and assessed to ensure legislative compliance from a privacy best practice perspective.

The following is a summary of the PIA, including a brief background on the OBSP, key findings, and Ontario Health’s progress in implementing the recommendations.

Background

The OBSP is an Ontario Health and Ministry of Health and Long-Term Care initiative for the delivery of high quality breast screening to Ontario women. The OBSP cancer screening services are delivered to women age 50 and over at dedicated sites, affiliated hospitals and independent health facilities.

To support the operation of the OBSP, Ontario Health established the ICMS. This application and its database are controlled and operated by Ontario Health and provided to screening sites for client registration, follow-up and case management. In addition, Ontario Health employs the information submitted via the ICMS for the purpose of cancer system planning and management (for example, reporting on wait times for breast assessments).

This PIA assesses ICMS as an application provided by Ontario Health to OBSP sites to assist in the operation of the OBSP program. Ontario Health’s collection and use and disclosure of personal health information (PHI) the purpose of operating the OBSP in its role as PHIPA section 39 (1)(c) prescribed person and for health system planning as a PHIPA section 45 prescribed entity was assessed in the OBSP Privacy Impact Assessment conducted in March 2015.

Legislative Authority

The PIA found that Ontario Health has the authority under PHIPA O. Reg. 329/04 s. 6(2) to operate ICMS as a Health Information Network provider.

The PIA recommends several measures to ensure that the operation of the OBSP and ICMS comply with Ontario Health policies and procedures, and recognized standards of privacy best practice. Key PIA recommendations related to the clarification of accountability when sharing personal health information through ICMS; the elaboration of information management practices and procedures; the communication of these standards, practices and procedures to sites; and implementation of minor technical fixes to the ICMS were met by Ontario Health via IT solutions, policies and procedures, and communications to sites. Since drafting the PIA, all recommendations have been addressed.

Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3
Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Telephone: 416-217-1816

As required by the Information and Privacy Commissioner / Ontario and Ontario Health's Privacy Policy, CCO completed a Privacy Impact Assessment (PIA) on CCO’s Positron Emission Tomography (PET) Scan Evidence-Based (EB-PET) Program in December 2010.

The 2010 EB-PET Program PIA found that PHIPA authorities are in place for the operations of the program:

• The PET Scans Ontario web application and database are managed by CCO acting as an agent for the participating health information custodians in its role as a health information network provider (HINP).
• The PET Scans Ontario database is used by CCO in its role as a prescribed entity.

The following is a summary of the PIA, including a brief background on the EB-PET Program, key findings, CCO’s progress in implementing the recommendations which were identified in the PIA and contact information for requesting a copy of the full PIA.

Background

In April of 2010, the MOHLTC and Cancer Care Ontario (CCO) entered into an agreement for CCO to establish, manage and coordinate the EB-PET Program. The Program covers uninsured PET scan services. Uninsured PET scan services fall under one of three domains: the PET Registry domain, the PET Clinical Trials domain or the PET Access Program domain.

The EB-PET Program will provide an information technology (IT) solution (“PET Scans Ontario web application”), which will be used to support the activities of the uninsured program domains (PET Registry, PET Clinical Trials and the PET Access Program) and insured PET scan services.

The PET Scans Ontario web application enables physicians, through the use of webbased forms, to request PET scans for their patients and enables PET Centres, through the use of web-based forms, to submit results from PET scans performed at their institutions. This use of the web application by the referring physicians and the PET Centres is expected to improve the efficiency of processes and increase the security and data quality of information exchange between physicians and PET Centres.

Privacy Impact Assessment

The PET Scans Ontario web application will be provided to referring physicians and PET Centres under the ss. 6(2) PHIPA Regulation authority of a HINP:

• Ontario Health will provide the secure PET Scans Ontario web application to referring physicians (HICs) to allow them to submit requests for PET scans, access results of completed PET scans and access their patient’s PHI when the data is entered into the Ontario Health PET Scans Ontario web application by another HIC.
• Ontario Health will provide the secure PET Scans Ontario web application to PET Centres (HICs) to allow them to access requests for PET scans, submit results of completed PET scans and access their patient’s PHI when the data is entered into the Ontario Health PET Scans Ontario web application by another HIC.

Ontario Health will be acting as an agent to the HICs (referring physicians and PET Centres), as that term is defined in s. 2 of PHIPA, for managing and operating all of the domains under the EB-PET Program.

Under the PET Access Program domain, physicians will obtain the express consent of patients to provide the patient’s information to Ontario Health via the PET Scans Ontario web application for the purposes of adjudication to determine eligibility for the patient to receive a PET scan.

Lastly, Ontario Health will use the PHI it collects from PET Centers to compile statistical reports for assessing the extent to which health care technologies such as PET scans should be used in the delivery of health care services. The PET scan reports, which do not contain PHI, will be provided by Ontario Health to the MOHLTC and the PET Steering Committee. PHIPA permits Ontario Health, as a section 45 prescribed entity, to collect, use and disclose PHI for the purposes of planning and management for the health system.

The PIA recommends several measures to ensure that any data collected, used or disclosed by the EB-PET Program complies with PHIPA as well as Ontario Health policies, procedures, standards and best practices.

Implementation of Privacy Impact Assessment Recommendations

In summary, the PIA provides the following recommendations:

1. Amendment to PHIPA and/or its Regulation, clarifying that FIPPA does not apply to Ontario Health 's collection, use or disclosure of PHI, when acting under its various PHIPA authorities;
2. Agreements are required to be in place between Ontario Health and HICs using the PET Scans Ontario web application;
3. An Agreement is required to be in place prior to Ontario Health transferring data to external organizations as permitted under PHIPA;
4. All data linkages are to be performed in accordance with Ontario Health’s Privacy Policy (4th edition);
5. Quality assurance practices are to be implemented;
6. A Threat Risk Assessment is to be conducted;
7. A threat model for HINP logging and audit requirements are to be developed; and
8. A plain language description of the EB-PET program and the safeguards it has implemented should be made available to HICs and the public.
9. Ontario Health is in the process of addressing all of the recommendations which were identified in the 2010 EB-PET Program PIA.

Please contact the Privacy Office should you have any questions.

Privacy Office
Ontario Health
525 University Avenue, 5th Floor, Toronto, ON M5G 2L3 Email: oh-cco_legalandprivacyoffice@ontariohealth.ca
Telephone: 416-217-1816

Prescribed Entity

Alternative Level of Care - Remote Care Monitoring and Surgical Transition (ALC RCM/STRCM)

Statement of Purpose: To evaluate if ALC - RCM impact the number of emergency visits and hospital admissions. The data is key to establishing an effective care model and value of funds.

Need for Personal Health Information (PHI): PHI is required for analysis and to support program evaluation for RCM/STRCM and the Scale and Spread program.

Data Types:

• Health Services
• Demographic

Data Provider:

• Hospitals
• Local Health Services Providers

Ambulatory Oncology Patient Satisfaction Survey (AOPSS)

Statement of Purpose: The purpose of this dataset is to evaluate patient satisfaction levels with ambulatory oncology services.

Need for Personal Health Information (PHI): PHI is required to determine health system planning with regard to ambulatory oncology services.

Data Types:

• Health Services
• Survey

Data Provider:

• Hospitals (via Ontario Hospital Association

Brachytherapy Radiation Treatment Program

Statement of Purpose: The purpose of this dataset is to maintain data related to prostate cancer patients in accordance with program guidelines for health system planning and management.

Need for Personal Health Information (PHI): PHI is required to conduct analyses and report on the Brachytherapy Program for health system planning purposes.

Data Types:

• Care Provider
• Facilities
• Financial
• Health Services
• Demographic

Data Provider:

• Referring physicians

Breast and Colorectal Cancer Well Follow-Up Initiatives

Statement of Purpose: The purpose of this dataset is to maintain data for breast and colorectal cancer survivors participating in the Well Follow-Up Initiatives. It contains information regarding a patient's visit with their oncologist.

Need for Personal Health Information (PHI): PHI is required to support the development and implementation of models of care to transition appropriate breast and colorectal cancer survivors away from oncologist-led follow-up care.

Data Types:

• Care Provider
• Geographic
• Health Services
• Facilities
• Demographic

Data Provider:

• Regional Cancer Centres

Canadian Community Health Survey (CCHS) Linking files

Statement of Purpose: The purpose of this dataset is to examine the impact of modifiable cancer risk factors on cancer incidence in Ontario.

Need for Personal Health Information (PHI): PHI is required to support research, including examining the association between behaviour consistent with cancer prevention recommendations and cancer incidence using population-based behavioural risk information.

Data Types:

• Demographic
• Geographic
• Survey

Data Provider:

• Ministry of Health

Canadian Institute for Health Information (CIHI) Population Grouping Methodology (PopGrouper)

Statement of Purpose: The purpose of this dataset is to securely store data containing clinical and demographic profiles at the person-level to support reporting and analysis of health care needs at the population-level.

Need for Personal Health Information (PHI): PHI is used to ensure data alignment and data management across the province and support health system planning, including planning purposes related to Ontario Health Teams (OHTs) and individuals within their attributed population.

Data Types:

• Health Services
• Demographic
• Geographic

Data Provider:

• Ministry of Health

Cancer Activity Level Reporting (ALR)

Statement of Purpose: The purpose of this dataset is for reporting and analysis purposes. It represents the basic set of data elements required to produce the quality, cost, and performance indicators for the cancer system.

Need for Personal Health Information (PHI): PHI is required to support multiple OH initiatives focused on radiation; systematic treatment; psychosocial oncology; palliative care; smoking cessation; symptom management, and the Ontario Cancer Registry.

Data Types:

• Health Services
• Demographic
• Financial
• Wait Times
• Care Provider

Data Provider:

• Regional Cancer Centres
• Hospitals

Case-By-Case Review Program (CBCRP)

Statement of Purpose: The purpose of this dataset is to store patient and treatment information about systemic therapy drug utilization at Ontario hospitals.

Need for Personal Health Information (PHI): PHI is required to conduct analysis and reporting to the Ministry of Health on the CBCRP for health system planning purposes.

Data Types:

• Care Provider
• Health Services
• Demographic

Data Provider:

• Hospitals

Centralized Case and Contact Management System (CCM)

Statement of Purpose: The purpose of this data set is to support OH in the tracking and management of COVID positive cancer and renal patients as well as health system-related analytics and reporting.

Need for Personal Health Information (PHI): PHI is required for health system planning work, for example, examining the long- term outcomes, utilization and care trajectories of COVID-19 survivors to develop optimal pathways of care for COVID-19 patients treated in hospital that span acute, post-acute and community care.

Data Types:

• Health Services
• Facilities

Data Provider:

• Institute for Clinical Evaluative Sciences (ICES)

Central Waitlist Management (CWM) Surgical Efficiency Reporting Information System (SERIS) [Formerly SETP]

Statement of Purpose: The purpose of this dataset is to provide information in near real-time about operating room (OR) performance to monitor processes identify and analyze areas where opportunities for improvement may exist in the perioperative portion of the continuum of care.

Need for Personal Health Information (PHI): PHI is required to optimize surgical capacity in Ontario, increase access to surgical services, and maintain high­ quality patient care.

Data Types:

• Care Provider
• Health Services
• Wait Times
• Facilities
• eReferral

Data Provider:

• Hospitals

Chiefs of Ontario (First Nations) Cancer Surveillance

Statement of Purpose: The purpose of this dataset is to securely store data related to cancer incidence, mortality, survival, and prevalence data for First Nations.

Need for Personal Health Information (PHI): PHI is required to support the Ontario First Nations project, between OH, ICES and the Chiefs of Ontario (COO), titled Cancer Incidence, Mortality, Survival, and Prevalence in Ontario First Nations.

Data Types:

• Health Services
• Demographic

Data Provider:

• Institute for Clinical Evaluative Sciences (ICES)

Chimeric Antigen Receptor (CAR) T- Cell Therapy

Statement of Purpose: The purpose of this dataset set is to support planning, funding methodology and forecasting of CART-Cell Therapy treatment within Ontario.

Need for Personal Health Information (PHI): PHI is required to conduct analysis and reporting of the CAR-T program for health system planning purposes.

Data Types:

• Care Provider
• Health Services
• Demographic

Data Provider:

• Requesting Physician
• Hospitals

Client Agency Program Enrollment (CAPE)

Statement of Purpose: The purpose of this data set is to better understand the potential impacts to primary care associated with transitioning patients out of the regional cancer centres back to primary care providers or for health care planning purposes.

Need for Personal Health Information (PHI): PHI is need for policy development, analysis, program evaluation.

Data Types:

• Care Provider
• Demographic

Data Provider:

• Ministry of Health

Client Profile Database (CPRO)

Statement of Purpose: The purpose of this dataset is to store Long-Term Care Home (LTCH) application information that is captured at the client level.

Need for Personal Health Information (PHI): PHI is required to support Access to Care programs in Ontario, for the purpose of strategic analytics for health system planning.

Data Types:

• Health Services
• Demographic

Data Provider:

• Home and Community Care Support Services (HCCSS)

Collaborative Staging

Statement of Purpose: The purpose of this dataset is to describe how far a cancer has spread at the time of diagnosis. It contains patient, tumour and additional disease-site specific factors that together derive the stage of the patient at the time of diagnosis.

Need for Personal Health Information (PHI): PHI is required to enable comprehensive analysis and for linking to the Ontario Cancer Registry (OCR), screening, and treatment data.

Data Types:

• Care Provider
• Geographic
• Ontario Health Derived Cohort
• Health Services
• Demographic
• Facilities

Data Provider:

• Laboratories
• Hospitals

Continuing Care Reporting System (CCRS) -Long Term Care (LTC)

Statement of Purpose: The purpose of this dataset is to support standardized reporting in Long-Term Care Homes (LTCH), personal care homes, and nursing homes.

Need for Personal Health Information (PHI): PHI is required to support:

• Access to Care
• Ontario's Seniors Strategy
• Ontario Renal Network
• Strategic Analysis & Modelling
• Cancer Program

Data Types:

• Geographic
• Health Services
• Demographic

Data Provider:

• Canadian Institute for Health Information (CIHI)

COVaxON

Statement of Purpose: The purpose of this dataset is to monitor the management and delivery of COVID-19 vaccinations. The application allows for inventory management, administration and monitoring and management of outcomes.

Need for Personal Health Information (PHI): Ontario Health has identified business needs for this data in order to support initiatives under its Prescribed Entity (PE) status in areas like ORN and CPQI.

Data Types:

• Health Services
• Demographic

Data Provider:

• Institute for Clinical and Evaluative Sciences (ICES)

Diagnostic Assessment Program (DAP) data

Statement of Purpose: The purpose of this dataset is to securely store data collected from all regional cancer programs for DAP oversight.

Need for Personal Health Information (PHI): PHI is collected to evaluate the impact DAPs have on patients in the diagnostic phase of the cancer journey.

Data Types:

• Care Provider
• Geographic
• Health Services
• Demographic
• Wait Times

Data Provider:

• Hospitals

Discharge Abstract Database (DAD)

Statement of Purpose: The purpose of this dataset is to collect summary diagnostic and treatment information about patients who have received healthcare services as an inpatient (including acute care, chronic care and rehabilitation care) in Ontario hospitals.

Need for Personal Health Information (PHI): PHI is required to track hospitalized inpatients.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic
• Care Provider

Data Provider:

• Canadian Institute for Health Information (CIHI)

Drug and Alcohol Treatment Information System (DATIS)

Statement of Purpose: The purpose of this dataset is to securely store clinical information on substance use, problem gambling, and addiction services.

Need for Personal Health Information (PHI): PHI is required to drive community improvement; and conduct analysis of wait times, services utilization and health equity.

Data Types:

• Geographic
• Health Services
• Demographic
• Facilities
• Wait Times

Data Provider:

• Participating Health Care Providers

Electronic Canadian Triage and Acuity Scale (eCTAS)

Statement of Purpose: The purpose of this dataset is to securely store the triage notes from hospital emergency departments across Ontario who use eCTAS to assess and prioritize emergency patients.

Need for Personal Health Information (PHI): PHI is required to analyze patient flow and demand for emergency room services across the province and the reasons for these visits. Ontario Health conducts these analyses for the purposes of health system planning and management.

Data Types:

• Geographic
• Health Services
• Demographic
• Facilities
• Wait Times

Data Provider:

• Participating Emergency Departments

Emergency Department (ED) Patient Satisfaction Survey Data

Statement of Purpose: The purpose of this dataset is to securely store patient satisfaction surveys from all pay-for-results (P4R) hospitals.

Need for Personal Health Information (PHI): PHI is required by Access to Care for operational reporting on services across the province.

Data Types:

• Demographic
• Facilities
• Geographic
• Health Services
• Survey

Data Provider:

• Hospitals

Emergency Room National Ambulatory Reporting System Initiative (ERNI)

Statement of Purpose: The purpose of this dataset is to securely store emergency room (ER) wait times data related to the provincial ER/Alternate Levels of Care (ALC) Strategy.

Need for Personal Health Information (PHI): PHI is required to determine return on investment, performance improvement, and to calculate percentage of patients returning to an ER within a specified time period as a measure of quality of care and potential negative impact of ER focus.

Data Types:

• Health Services
• Facilities
• Geographic
• Demographic
• Wait Times

Data Provider:

• Canadian Institute for Health Information (CIHI)

eOutcomes - Head & Neck Cancer

Statement of Purpose: The purpose of this dataset is to capture and monitor outcomes data for patients with head and neck cancer treated with radiotherapy in a provincial, systematic way. This dataset is a collection of patient outcomes from ten head and neck cancer clinics in Ontario.

Need for Personal Health Information (PHI): PHI is required to ensure accurate capture of patient outcomes post-radiotherapy, and to facilitate the identification of inadvertent duplicate cases.

Data Types:

• Care Provider
• Ontario Health Derived Cohort
• Health Services
• Facilities
• Demographic

Data Provider:

• Physicians/Data
• Managers
• Activitey Level Reporting (ALR)

ePAth

Statement of Purpose: The purpose of this dataset is to securely store anatomical pathology reports remitted by the public and private labs in Ontario. This dataset documents patient, facility, report, and tumour identifiers for patients, as well as tumour information for cancer and other reportable conditions.

Need for Personal Health Information (PHI): PHI is required to support management decision-making, planning, disease surveillance and research, as well as contributing to resolved incidence case data in the Ontario Cancer Registry.

Data Types:

• Ontario Health Derived Cohort
• Health Services
• Demographic
• Facilities
• Geographic
• Care Provider

Data Provider:

• Hospitals
• Participating Laboratories

Episodic Access to Virtual Care (EAVC)

Statement of Purpose: Evaluate the impact EAVC program impact the number of emergency visits. The data is key to establishing an effective care model and value of funds.

Need for Personal Health Information (PHI): PHI is required to understand patient outcomes.

Data Types:

• Health Services
• Demographic

Data Provider:

• Hospitals
• Participating Community Health Services Providers

ePREM (Patient Reported Experience Measure)

Statement of Purpose: This purpose of this dataset is to securely store patient feedback on a patient's most recent visit to a Regional Cancer Centre (RCC) in Ontario in order to enhance patient experience and improve outcomes.

Need for Personal Health Information (PHI): PHI is required to enhance patient experience and improve outcomes through provincial benchmarking and performance management.

Data Types:

• Demographic
• Health Services
• Survey
• Facilities
• Geographic

Data Provider:

• Regional Cancer Centres

eReferral Repository

Statement of Purpose: The purpose of this dataset is to collect all eReferral data generated by Health Care Providers (HCPs) and linking this data with existing Wait Time data residing in Ontario Health's Wait Times Information System (WTIS) to support planning, management, evaluation and monitoring of the health system. The Data will also be used to support planning, management, evaluation and monitoring of Alternate Level of Care (ALC) and wait times available.

Need for Personal Health Information (PHI): PHI (patient demographic data, including direct and quasi- identifiers) is used for linkage purposes. No disclosures of eReferral PHI will occur. Internal and external end-users will have access only to aggregate data (non-PHI).

Data Types:

• Care Providers
• Health Services
• Wait Times
• Facilities
• Demographic
• Geographic

Data Provider:

• Health Care Providers (HCPs) via the eHealth Centre of Excellence

Evidence Building Program (EBP)

Statement of Purpose: The purpose of this dataset is to securely store patient and treatment information about systemic therapy drug utilization at Ontario hospitals.

Need for Personal Health Information (PHI): PHI is required to conduct analysis and reporting to the Ministry of Health on the EBP for health system planning purposes.

Data Types:

• Care Providers
• Health Services
• Demographic
• Facilities

Data Provider:

• Hospitals

First Nations Cancer Burden

Statement of Purpose: The purpose of this dataset is to securely store First Nations Cancer Data.

Need for Personal Health Information (PHI): PHI is required to track all instances of First Nations cancer cases for the purposes of health system planning.

Data Types:

• FNIM
• Health Services
• Demographic
• Geographic

Data Provider:

• Institute for Clinical Evaluative Sciences (ICES)

Health Based Allocation Model (HBAM) Impatient Group (HIG)

Statement of Purpose: The purpose of this dataset is to securely store data used as a funding methodology of the Ministry of Health, under the Health System Funding Strategy.

Need for Personal Health Information (PHI): PHI is required to inform the funding methodology used to determine funding at a patient level for cancer quality- based procedures.

Data Types:

• Demographic
• Health Services

Data Provider:

• Ministry of Health

High-Cost Therapy Funding Program (HCTFP)

Statement of Purpose: The purpose of this dataset is to securely store patient and treatment information about systemic therapy, immunotherapy and gene therapy drug utilization at the Ontario Hospitals related to the HCTFP.

Need for Personal Health Information (PHI): PHI is required to determine or provide funding or payment for the provision of health care, and to conduct analysis and reporting for internal program evaluation on the HCTFP and improvement for broader health system planning purposes.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic
• Care Provider

Data Provider:

• Hospitals

High Risk Lung Cancer Screening Pilot (HR LCSP) Data

Statement of Purpose: The purpose of this dataset is to securely store data to assist with performance management and evaluation of the HR LCSP program.

Need for Personal Health Information (PHI): PHI is required to improve data accuracy and for educational and training purposes with respect to high-risk lung cancer.

Data Types:

• Care Provider
• Ontario Health Derived Cohort
• Health Services
• Demographic
• Facilities
• Geographic
• Wait Times

Data Provider:

• Participating Pilot Hospitals

Home Assisted Peritoneal Dialysis (PD)

Statement of Purpose: The purpose of this dataset is to securely store data about patients receiving PD assistance services.

Need for Personal Health Information (PHI): PHI is required to coordinate organization and funding

in the Home and Community Care Support Services (HCCSS).

Data Types:

• Health Services
• Demographic
• Facilities

Data Provider:

• Home and Community Care Support Services (HCCSS)

Home Care Database (HCD)

Statement of Purpose: The purpose of this dataset is to securely store information about home care solutions in Ontario.

Need for Personal Health Information (PHI): PHI is required to determine diagnostic and surgical procedures performed, review intake and assessment processes, and for service delivery.

Data Types:

• Care Provider
• Health Services
• Demographic
• Geographic

Data Provider:

• Home and Community Care Support Services (HCCSS)

Interim Annotated Tumour Project (ATP)

Statement of Purpose: The purpose of this dataset is to securely store tumour information.

Need for Personal Health Information (PHI): PHI is required study the association between genetics and its response to cancer drugs and to create clinical guidelines for the care and treatment of cancer patients in Ontario.

Data Types:

• Health Services
• Demographic
• Care Provider
• Facilities
• Geographic

Data Provider:

• Ontario Institute for Cancer Research (OICR)

lnterRAI Contact Assessment (CA)

Statement of Purpose: The purpose of this dataset is to securely store information that supports the homecare intake process and Ontario Palliative Care Network (OPCN) reporting.

Need for Personal Health Information (PHI): PHI is required to ensure quality improvement and permit planning of palliative care in Ontario.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic

Data Provider:

• Home and Community Care Support Services (HCCSS)

lnterRAI Home Care (HC)

Statement of Purpose: The purpose of this dataset is to securely store information related to functioning and quality of life for community residing individuals.

Need for Personal Health Information (PHI): PHI is required to evaluate the needs, strengths, and preferences of adult long-stay individuals in the community, including individuals requesting admission to Long-Term Care Homes.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic

Data Provider:

• Home and Community Care Support Services (HCCSS)

lnterRAI Palliative Care (PC)

Statement of Purpose: The purpose of this dataset is to securely store comprehensive assessment data on the strengths, preferences and needs of adults in both hospice and palliative care.

Need for Personal Health Information (PHI): PHI is required to assess the strengths, preferences and needs of adults in hospice and palliative care.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic

Data Provider:

• Home and Community Care Support Services (HCCSS)

ISAAC - Symptom Management Reporting Database

Statement of Purpose: The purpose of this dataset is to securely store symptom management survey data collected through the ISAAC database.

Need for Personal Health Information (PHI): PHI is required to promote earlier identification, documentation and communication of patient's symptoms, optimal symptom management, and collaborate care planning for patients who require palliative care services.

Data Types:

• Health Services
• Demographic
• Survey
• Facilities
• Geographic

Data Provider:

• Participating Sites

Keratinocyte carcinoma repository

Statement of Purpose: The purpose of this dataset is to securely store information on diagnosed keratinocyte carcinomas based on data from pathology reports.

Need for Personal Health Information (PHI): PHI is required to support management decision- making, planning, disease surveillance, and research.

Data Types:

• Health Services
• Demographic
• Ontario Health Derived Cohort
• Person
• Geographic
• Care Provider
• Facilities

Data Provider:

• Canadian Institute for Health Information (CIHI)
• Ministry of Health
• Institute for Clinical Evaluative Sciences (ICES)
• Hospitals
• Laboratories

Lakeridge Referral Data

Statement of Purpose: The purpose of this data is to establish and evaluate a referral pathway between regional renal programs and the Ontario Structured Psychotherapy (OSP) program.

Need for Personal Health Information (PHI): PHI is required to link the Lakeridge Referral Data to the Ontario Renal Reporting System (ORRS) to determine characteristics of people who were referred/not referred to OSP. This data is required to determine if the OSP program is appropriate for people with chronic kidney disease (CKD) experiencing anxiety and depression.

Data Types:

• Health Services
• Demographics

Data Provider:

• Lakeridge Hospital

Magnetic Resonance Imaging (MRI) Efficiency

Statement of Purpose: The purpose of this dataset is to securely store MRI efficiency data used to measure key performance indicators to promote efficiency in diagnostic imaging processes and help remove any bottlenecks. Calculated indicators from this dataset will enable sites to identify key areas for improvement and strive for greater efficiency at the site and system levels.

Need for Personal Health Information (PHI): PHI is required to produce the MRI Efficiency Program Dashboard to understand wait times for MRI procedures and identify key areas for improvement in Ontario hospitals.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic
• Wait Times

Data Provider:

• Hospitals

Mental Health and Addictions Access to Care (MHA ATC)

Statement of Purpose: The purpose of this dataset is to securely store ATC data from four specialty psychiatric hospitals.

Need for Personal Health Information (PHI): PHI is required to track wait times, identify service gaps, and build a structure for public reporting and accountability that addresses significant gaps in access mental health and addictions treatment in Ontario.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic
• Wait Times

Data Provider:

• The Centre for Addiction and Mental Health
• Ontario Shores Centre for Mental Health Sciences
• The Royal Ottawa Healthcare Centre
• Waypoint Centre for Mental Health Care

Mental Health and Addictions - Provincial Data Set (MHA PDS)

Statement of Purpose: The purpose of the data set is to security store client level, standardized data elements that support direct service delivery and enable consistent and comparable reporting of service utilization, client outcomes and client characteristics across the Ontario Mental Health and Addictions sector.

Need for Personal Health Information (PHI): PHI is used to create a standardized and centrally connected provincial data repository which will support planning and delivery and provision of high quality and integrated care.

Data Types:

• Health Services
• Demographic
• Geographic
• Care Providers

Data Provider:

• Health Care Providers
• Hospitals

Narcotics Monitoring System (NMS)

Statement of Purpose: The purpose of this data asset is to support ongoing creation and dissemination of MyPractice Reports which provide family physicians, Family Health Team executive directors, general surgeons and orthopedic surgeons with their own prescribing patterns, at an aggregate level.

Need for Personal Health Information (PHI): PHI is required to support the cancer surgery and systemic treatment programs and the OHDP for research, analysis, investigation, prevention, response to or alleviation of COVID-19 or its effects. In addition, it is to evaluate or monitor the impact of COVID-19 on the management of, the allocation of resource to, or planning for all or part of the health system.

Data Types:

• Health Services
• Demographic
• Facilities

Data Provider:

• Institute for Clinical Evaluative Sciences (ICES)

National Ambulatory Care Reporting System (NACRS)

Statement of Purpose: The purpose of this dataset is to securely store diagnostic and treatment information about patients who have received outpatient surgery or selected other treatments (chemotherapy, emergency department visits, dialysis, and cardiology) in Ontario hospitals.

Need for Personal Health Information (PHI): PHI is required to track outpatients and permit quality improvement and health planning services.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic

Data Provider:

• Canadian Institute for Health Information (CIHI)

National Rehabilitation Reporting System (NRS)

Statement of Purpose: The purpose of this dataset is to securely store client data collected from participating adult inpatient rehabilitation facilities and programs across Canada.

Need for Personal Health Information (PHI): Ontario Health requires the PHI data to support various business streams, for example:

• Access to Care
• Ontario Renal Network
• Strategic Analysis & Modelling
• Cancer Program

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic

Data Provider:

• Canadian Institute for Health Information (CIHI)

New Ambulatory Models of Care (NAMoC)

Statement of Purpose: The purpose of this dataset is to securely store ambulatory care models' data collected from 5 regional cancer programs to identify, evaluate, implement, and spread innovative that are person-centered, sustainable, and cost-effective.

Need for Personal Health Information (PHI): The PHI is required to compare the costs and resource utilizations of NAMOC models against standard of care and to identify, evaluate, implement care models that are person- centered, sustainable, and cost-effective.

• Data Types:
• Health Services
• Demographic
• Geographic

Data Provider:

• Participating health care organizations

New Drug Funding Program (NDFP)

Statement of Purpose: The purpose of this dataset is to securely store patient and treatment information about systemic therapy drug utilization at Ontario hospitals.

Need for Personal Health Information (PHI): PHI is required to conduct analysis and reporting to the Ministry of Health on the NDFP for health system planning purposes.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic
• Care Provider

Data Provider:

• Hospitals

Ontario Abdominal Aortic Aneurysm Screening Program (OAAASP) Correspondence Planning File

Statement of Purpose: The purpose of this data asset is to support health system planning for the new OAAASP and its correspondence program.

Need for Personal Health Information (PHI): PHI is required to support health system planning work for a temporary period.

Data Types:

• Ontario Health Derived Cohort
• Health Services
• Care Provider Demographic
• Care Provider Health Services
• Geographic Demographic
• Geographic

Data Provider:

• Siebel
• Screening Integration Hub
• Screening Hub Stage – Client Agency Program Enrollment (CAPE)
• Screening Hub Stage – Claims History Database (CHDB)
• Screening Hub Stage – Registered Persons Database (RPDB)
• Oracle Business Intelligence Enterprise Edition (OBIEE)
• Correspondence Feedback File
• Screening Hub Stage – RPDB

Ontario Breast Cancer Screening Program (OBSP) Database

Statement of Purpose: The purpose of this data holding is to securely store breast cancer screening information collected through the Integrated Cancer Management System (ICMS) for those clients participating in the Ontario Breast Screening Program (OBSP).

Need for Personal Health Information (PHI): PHI is required to implement, plan, manage, evaluate,

allocate resources to, and report on performance of the OBSP.

Data Types:

• Health Services
• Care Provider
• Demographic
• Facilities
• Geographic

Data Provider:

• Ontario Breast Cancer Screening Site

Ontario Drug Benefit (ODB)

Statement of Purpose: The purpose of this dataset is to securely store drug claims data for each prescribed drug dispensed under the Ontario Drug Plan formulary and patient and treatment information about systemic therapy drug utilization at Ontario hospitals.

Need for Personal Health Information (PHI): PHI is required to perform analysis on the volumes of oral chemotherapy drug units that are dispensed.

Data Types:

• Care Provider
• Geographic
• Health Services
• Demographic
• Facilities

Data Provider:

• Institute for Clinical Evaluative Sciences (ICES)

Ontario Health Insurance Plan (OHIP) Claims

Statement of Purpose: The purpose of this dataset is to securely store data related to claims paid for by OHIP to all eligible health care providers (this contains physicians, groups, laboratories and out-of-province providers).

Need for Personal Health Information (PHI): PHI is required for health system planning purposes.

Data Types:

• Health Services
• Financial
• Care Provider

Data Provider:

• Institute for Clinical Evaluative Sciences (ICES)

Ontario Cancer Registry (OCR)

Statement of Purpose: This database is the provincial database of information for all Ontario residents diagnosed with cancer or who have died of cancer Health cancer screening programs for invitation letters, and for cancer research.

Need for Personal Health Information (PHI): PHI is required to support management decision-making, planning, disease surveillance, and research.

Data Types:

• Health Services
• Demographic
• Ontario Health Derived Cohort
• Person
• Geographic
• Care Provider
• Facilities
• ORG information (death data)
• Pathology (all cancer and non-cancer related reports

Data Provider:

• Canadian Institute for Health Information (CIHI)
• Hospitals and Laboratories
• Ministry of Health and Long Term Care
• Ministry of Government and Consumer Services (MGCS)
• Pediatric Oncology Group of Ontario (POGO)
• Statistics Canada Out of Province, notifications from other provinces/territories of Ontario residents diagnosed or treated in the notifying P/T

Ontario Crohn's and Colitis Cohort (OCCC)

Statement of Purpose: The purpose of this dataset is to securely store data that identifies individuals in Ontario who have been diagnosed with Inflammatory Bowel Disease (IBD).

Need for Personal Health Information (PHI): PHI is required to identify and exclude IBD patients from the colonoscopy cohorts to improve the accuracy of the information used to support quality management for the Colon Cancer Check (CCC) and Gastrointestinal Endoscopy Quality Based Procedure programs.

Data Types:

• Health Services
• Demographic

Data Provider:

• Institute for Clinical Evaluative Sciences (ICES)

Ontario Evidence- Based Positron Emission Tomography (EB- PET) Program)

Statement of Purpose: The purpose of this dataset is to securely store data related to the evidence-based PET Scan Evidence- Based program.

Need for Personal Health Information (PHI): PHI is required for health system planning and capital planning purposes and to carry out OH's mandate to:

• Provide direction to the PET Steering Committee and/or Ministry of Health
• Link to other data holdings for reporting and analysis for the evaluation and management of the PET Scans Ontario Program.

Data Types:

• Health Services
• Demographic
• Care Provider
• Facilities
• Geographic

Data Provider:

• Referring physicians'
• Diagnostic centres

Ontario Laboratories Information System (OLIS)

Statement of Purpose: The purpose of this dataset is to securely store lab test result information for Ontario patients.

Need for Personal Health Information (PHI): PHI is required to enable OH to link OLIS data with its patient records to carry out health analytics.

Data Types:

• Care Provider
• Demographic
• Facilities
• Geographic
• Health Services

Data Provider:

• Ministry of Health

Ontario Mental Health Reporting Systems (OMHRS)

Statement of Purpose: The purpose of this dataset is to securely store data on patients in adult designated inpatient mental health beds, provincial psychiatric facilities, and specialty psychiatric facilities.

Need for Personal Health Information (PHI): PHI is required by the Access to Care team to better understand alternate levels of care (ALC) in Ontario, and to support Ministry-led initiatives such as Ontario's Seniors Strategy.

Data Types:

• Health Services
• Facilities
• Geographic
• Demographic

Data Provider:

• Canadian Institute for Health Information (CIHI)

Ontario Health Teams Attribution Methodology (OHTAM)

Statement of Purpose: The purpose of this dataset is to securely store data on individuals and their assigned Ontario Health Team (OHT).

Need for Personal Health Information (PHI): PHI is required to allow for the linking of individuals with the OHT that they are associated with in order to develop, generate and manage performance metrics and data analytics related to the attributed population.

Data Types:

• Health Services
• Care Provider
• Geographic

Data Provider:

• Ministry of Health

Ontario Structured Psychotherapy Program (OSP)

Statement of Purpose: The purpose of this dataset is to securely store data on the OSP program and includes referral information, diagnosis information and treatment data.

Need for Personal Health Information (PHI): PHI is required to drive community improvement; and conduct analysis of wait times, services utilization, and health equity.

Data Types:

• Health Services
• Demographic

Data Provider:

• Health Care Service Providers (via CAMH)

Out-of-Country (OOC)

Statement of Purpose: The purpose of this dataset is to securely store data on Ontario residents who have received cancer treatment outside of Canada.

Need for Personal Health Information (PHI): PHI is required to monitor trends in OOC services - for example to identify if a trend is occurring for one treatment, and to identify if and when it is more effective

to deliver treatments in the province.

Data Types:

• Health Services
• Care Provider
• Demographic
• Facilities
• Geographic

Data Provider:

• Ministry of Health
• Referring Physicians

Out of Province (OOP) Data

Statement of Purpose: The purpose of this dataset is to securely store data for persons with Ontario Cancer Registry {OCR) reportable diseases for Ontario residents diagnosed or treated outside of Ontario.

Need for Personal Health Information (PHI): PHI is required to serve as source records for incident cases, OOP data support management decision- making, planning, disease surveillance and research.

Data Types:

• Health Services
• Demographic
• Geographic
• Ontario Health Derived Cohort

Data Provider:

• Canadian Provinces/Territories

Ontario Palliative Care Network Data Repository (OPCN)

Statement of Purpose: The purpose of this dataset is to securely store population-level data imported from OH health administrative data sources and used to better understand the patient throughout their end-of-life journey.

Need for Personal Health Information (PHI): PHI is required for comprehensive analytical and reporting and to develop concepts on health system utilization, disease identification, significant health events, treatments, interventions, assessment survey results, co- morbidity scores and other important health information.

Data Types:

• Health Services
• Demographic
• Ontario Health Derived Cohort
• Care Provider
• Facilities
• Geographic

Data Provider:

• Ministry of Health
• Home and Community Care Support Services (HCCSS)
• Institute for Clinical and Evaluative Sciences (ICES)
• Canadian Institute for Health Information (CIHI)

Ontario Renal Network (ORN) - Centre of Practice (COP) Reporting Tool

Statement of Purpose: The purpose of this dataset is to securely store information on patients who were referred for peritoneal dialysis (PD) and vascular access (VA) and whose procedures have been completed.

Need for Personal Health Information (PHI): PHI is required to support the evaluation and management of the COP pilot initiative.

Data Types:

• Care Provider
• Geographic
• Demographic
• Facilities
• Health Services

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Glomerulonephritis (GN) and Pregnancy data  

Statement of Purpose: The purpose of this dataset is to securely store data on women with complex GN and kidney disease who require maternal care.

Need for Personal Health Information (PHI): PHI is required to enable planning, decision and monitoring of outcomes, ensure patients are supported to make informed decisions, and to ensure patients have appropriate access to drugs and to standardized, timely and high-quality care.

Data Types:

• Care Provider
• Facilities
• Geographic
• Health Services
• Demographic

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Infection Reporting Tool - Catheter Related Bacteremia (CRB) and Peritonitis   

Statement of Purpose: The purpose of this dataset is to securely store manually entered data describing CRB and peritonitis events, leveraging data captured in the Ontario Renal Reporting System (ORRS).

Need for Personal Health Information (PHI): PHI is required to calculate CRB and peritonitis rates and to calculate person-time with a hemodialysis catheter.

Data Types:

• Care Provider
• Facilities
• Geographic
• Health Services
• Demographic

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Integrated Dialysis Care (IDC)   

Statement of Purpose: The purpose of this dataset is to securely store data to support the IDC model initiative.

Need for Personal Health Information (PHI): PHI is required to support community management and planning through the Regional Renal Program (RRP) and explore options for comprehensive funding for the continuum of renal services, from hospital, to clinic, to home, and community settings.

Data Types:

• Care Provider
• Facilities
• Health Services
• Geographic
• Demographic

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Long Term Care (LTC) Peritoneal Dialysis (PD)   

Statement of Purpose: The purpose of this dataset is to securely store quality and standardized data on assisted PD patients residing in LTC homes in Ontario.

Need for Personal Health Information (PHI): PHI is required to support management, data quality assurance, decision-making, planning, disease surveillance, and research activities.

Data Types:

• Facilities
• Health Services
• Geographic
• Demographic

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Ontario Renal Reporting System (ORRS) Annual Survey   

Statement of Purpose: The purpose of this dataset is to securely store ORRS survey data for living chronic dialysis patients being treated in an ORN facility.

Need for Personal Health Information (PHI): PHI is required for patient experience health system planning.

Data Types:

• Facilities
• Health Services
• Geographic
• Demographic
• Survey

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Palliative - Person- Centred Decision Making (PCDM)   

Statement of Purpose: The purpose of this dataset is to securely store data on multi-care kidney clinic and chronic dialysis patients in Ontario.

Need for Personal Health Information (PHI): PHI is required to support shared decision- making and clinical awareness for early identification of patients who may benefit from a palliative approach to care.

Data Types:

• Facilities
• Health Services
• Demographic

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - PREMs (Patient Reported Experience Measure)   

Statement of Purpose: The purpose of this dataset is to securely store patient experience survey data for the Patient Assessment of Chronic Illness Care and Modified Shared Decision-Making Questionnaire.

Need for Personal Health Information (PHI): The PHI is required by Regional Renal Programs to inform about the experience of renal care within their program and are used to drive local improvements to care.

Data Types:

• Facilities
• Health Services
• Demographic
• Survey

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Personal Support Worker (PSW)   

Statement of Purpose: The purpose of this dataset is to securely store PSW hours linked to and paid for on behalf of each patient.

Need for Personal Health Information (PHI): PHI is required to match patient information for the administration of the program.

Data Types:

• Care Provider
• Facilities
• Health Services
• Demographic
• Geographic

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Your Symptoms Matter (YSM)

Statement of Purpose: The purpose of this dataset is to securely store self- reported symptom management data from renal patients in the province.

Need for Personal Health Information (PHI): PHI is required to evaluate the initiative, by reviewing the symptoms of the patient population, the impact on patient service utilization, and adherence to the symptom screening portion of the YSM clinical workflow.

Data Types:

• Care Provider
• Facilities
• Surveys

Data Provider:

• Renal sites

Ontario Renal Network (ORN) - Your Symptoms Matter (YSM) Chart Audits

Statement of Purpose: The purpose of this dataset is to securely store YSM Chart Audit Tool responses that reflect the documentation found in the patient charts.

Need for Personal Health Information (PHI): PHI is required to evaluate pilot site adherence to the symptom assessment and management portions of the YSM clinical workflow.

Data Types:

• Care Provider
• Facilities
• Surveys

Data Provider:

• Renal sites

Ontario Renal Reporting System (ORRS)

Statement of Purpose: The purpose of this dataset is to securely store data for patients receiving care for chronic kidney disease (CKD) in Ontario and provides a longitudinal journey of patients and events within regional renal programs from entry into multi-care kidney clinic to dialysis.

Need for Personal Health Information (PHI): PHI is required to report CKD events, support planning, clinical programs, and integrated care.

Data Types:

• Care Provider
• Facilities
• Health Services
• Demographic
• Surveys

Data Provider:

• Renal sites

Patient Reported Experience Measures (PREMs)

Statement of Purpose: The purpose of this dataset is to securely store patient reported information on what matters to patients and how they experience care.

Need for Personal Health Information (PHI): PHI is required to drive quality improvement based on patients' needs, wants and preferences.

Data Types:

• Facilities
• Health Services
• Demographic
• Surveys

Data Provider:

• Regional Cancer Programs

Patient Reported Outcome Measures (PROMs)

Statement of Purpose: The purpose of the data set is to security store clinically validated questionnaires assessing quality of life and symptoms for the purpose of improving symptom management at the point of care.

Need for Personal Health Information (PHI): PHI is required to drive quality improvement based on patient's experiences and outcome of the treatment.

Data Types:

• Facilities
• Health Services
• Demographic
• Surveys

Data Provider:

• Health Information Custodians

Pathology- ePath and eMaRC

Statement of Purpose: The purpose of this dataset is to securely store patient and tumour information for cancer and cancer-related pathology reports (tissue, cytology). ePath documents patient, facility and report identifiers, such as site, histology and behavior.

Need for Personal Health Information (PHI): PHI is used to support management decision- making, disease surveillance, and research, as well as contributing to resolved incidence case data in the Ontario Cancer Registry (OCR).

Data Types:

• Care Provider
• Facilities
• Health Services
• Demographic

Data Provider:

• Hospitals
• Laboratories

Pathology Data Mart  

Statement of Purpose: The purpose of this dataset is to securely store data derived from the pathology reports and uploaded into the enterprise data warehouse.

Need for Personal Health Information (PHI): PHI is used to support management decision- making, planning, disease surveillance, and research, as well to contribute to resolving incidence case data in the Ontario Cancer Registry (OCR).

Data Types:

• Facilities
• Health Services
• Demographic

Data Provider:

• Hospitals
• Laboratories

Prophylactic Mastectomy   

Statement of Purpose: The purpose of this dataset is to securely store data on and verify prophylactic mastectomy procedures for high-risk patients.

Need for Personal Health Information (PHI): PHI is required to identify and track patients at high-risk for breast cancer who have had prophylactic mastectomy procedure.

Data Types:

• Facilities
• Health Services
• Demographic

Data Provider:

• Hospitals

Registered Persons Database (RPDB) Data Mart

Statement of Purpose: The purpose of this dataset is to securely store personal demographic information for all persons eligible for Ontario health insurance coverage and Ontario drug benefits.

Need for Personal Health Information (PHI): PHI is required to ensure that individuals in other data sources are identified correctly and to support analysis by demographic groups and geographic.

Data Types:

• Geographic
• Demographic

Data Provider:

• Ministry of Health

Renfrew County Virtual Triage and Assessment Centre (RCVTAC)

Statement of Purpose: Evaluate the impact RCVTAC program impact the number of emergency visits and hospital admissions. The data is key to establishing an effective care model and value of funds.

Need for Personal Health Information (PHI): PHI is required to understand patient outcomes and demographics.

Data Types:

• Health Services
• Demographic

Data Provider:

• Local Health Services Providers

Short Term Transitional Care Model Data (STTCM)

Statement of Purpose: The purpose of this dataset is to securely store quantitative data on Alternate Levels of Care (ALC) performance indicators specific to STTCMs and patient satisfaction.

Need for Personal Health Information (PHI): This PHI required to evaluate the STTCMs and identify the impact these models may have on local ALC pressures and patient outcomes. This information is used to design solutions to continue to reduce ALC volumes and support potential future implementation of these models.

Data Types:

• Geographic
• Facilities
• Health Services
• Demographic
• Wait Times

Data Provider:

• Home and Community Care Support Services (HCCSS)

Screening Data Mart (SCDM) / Evaluation Reporting Data Mart (ERDM)

Statement of Purpose: The purpose of this dataset is to securely store screening clinical and administrative data to enable Program planning and reporting.

Need for Personal Health Information (PHI): PHI is required to support the planning and forecasting for the Ontario Breast Cancer Screening Program (OBSP), Ontario Cervical Screening Program (OCSP), and the Colon Cancer Check (CCC) within Ontario.

Data Types:

• Ontario Health Derived Cohort
• Care Provider
• Demographic
• Geographic
• Health Services
• Facilities

Data Provider:

• Ministry of Health
• Laboratory
• Hospital
• Fulfilment House
• Statistics Canada
• Siebel Call Centre

Smoking Cessation

Statement of Purpose: The purpose of this dataset is to securely store performance metrics based on the smoking status of ambulatory cancer patients collected at the 14 regional cancer centers (RCCs).

Need for Personal Health Information (PHI): The PHI is used to produce smoking cessation performance indicators for multiple reports and scorecards, such as 'Tobacco Use Screening' and 'Accepted a Cessation Referral' for the Regional Performance Scorecard.

Data Types:

• Facilities
• Health Services
• Demographic

Data Provider:

• Regional Cancer Centres

Specialized Services Oversight - Asparaginase Activity Level (AAL) Testing

Statement of Purpose: The purpose of this dataset is to securely store information on specialized cancer care received in Ontario, including Asaraginase Level Testing for patients receiving treatment for Acute Leukemia.

Need for Personal Health Information (PHI): PHI is required for analysis and reporting to support the management of the delivery of AAL Testing at sites across the province and to report on patient volumes.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic

Data Provider:

• Participating Hospitals

Specialized Services Oversight Information Systems (SSO-IS)

Statement of Purpose: The purpose of this dataset is to securely store information on specialized cancer care received in Ontario, including services related to Acute Leukemia, Stem Cell Transplant, lnterventional Radiology and Sarcoma.

Need for Personal Health Information (PHI): PHI is required for analysis and reporting to support the management of the delivery of coordinated care across the province, including:

• Providing timely and coordinated access to service.
• Focusing on better outcomes and improved patient experience.
• Encouraging hospitals and providers to work together to form a network of services which are person-centered, evidence based and support evolving clinical practices.

Data Types:

• Health Services
• Demographic
• Facilities
• Geographic

Data Provider:

• Participating Hospitals

Wait Times Information System (WTIS)

Statement of Purpose: The purpose of this dataset is to securely store wait times information for five areas of care: cataract surgery, cancer surgery, cardiac surgery, hip and knee replacement surgery, and MRI/CT scans for all adult and pediatric patients. Wait time is calculated from the time a decision is made to treat a patient to the time of treatment of the patient.

Need for Personal Health Information (PHI): PHI is required to monitor wait times for surgical and diagnostic services across the province to support Ontario's wait time strategy and to identify areas where additional resources may be required to improve access to care.

Data Types:

• Geographic
• Facilities
• Health Services
• Demographic
• Wait Times

Data Provider:

• Hospitals
• Ministry of Health

Virtual Urgent Care (VUC)

Statement of Purpose: The purpose of this data set is to monitor VUC models offered at participating hospitals during the COVID-19 pandemic. These models of care enable patient assessment without the need to visit an Emergency Department in person during the pandemic.

Need for Personal Health Information (PHI): OH uses PHI to evaluate the VUC models of care and to plan for future delivery of virtual services.

Data Types:

• Health Services
• Demographic
• Facilities

Data Provider:

• Participating Hospitals

Prescribed Person

Colon Cancer Check (CCC) Interim Solution

System no longer used, required for Data migration, Archive and Audit only.

Statement of Purpose: The purpose of the data holding is to securely store data to support CCC Screening Operations.

Need for Personal Health Information (PHI): PHI is required for CCC client management and operations including clinical results, direct client interactions and correspondence.

Data Types:

• Ontario Health Derived Cohort

Data Provider:

• Ministry of Health
• Laboratories
• Individuals (Call Centre direct data entry)

Colon Cancer Check (CCC) List Management System (LMS)

System no longer used, required for Data migration, Archive and Audit only.

Statement of Purpose: The purpose of this data holding is to securely store data to support CCC Screening Operations.

Need for Personal Health Information (PHI): PHI is required for data exchange to and from health service providers via secure web portal, as well as for validation of patient lists and electronic distribution of Provider Reports.

Data Types:

• Ontario Health Derived Cohort

Data Provider:

• CCC - Siebel

Ontario Public Drug Programs (OPDP) - Health Network System (HNS)

Data Asset decommissioned in June 2020; however, data has been archived for approximately 5 years.

Statement of Purpose: The purpose of this data holding is to securely store fecal occult blood test (FOBT) data dispensed by pharmacies to support the Colon Cancer Check (CCC) Program.

Need for Personal Health Information (PHI): PHI is required to evaluate the level of dispensing of FOBT kits at the pharmacies.

Data Types:

• Health Services
• Demographic
• Geographic

Data Provider:

• Ministry of Health

Siebel

Statement of Purpose: The purpose of this data holding is to securely store data to enable Contact Centre Screening Operations for the Ontario Breast Cancer Screening Program (OBSP), Ontario Cervical Screening Program (OCSP) and the Colon Cancer Check (CCC).

Need for Personal Health Information (PHI): PHI is required to support administration of the Integrated Cancer Screening program, including client management, direct client interaction, and cancer screening correspondence.

Data Types:

• Ontario Health Derived Cohort

Data Provider:

• Screening Integration Hub

Screening Integration Hub

Statement of Purpose: The purpose of this data holding is to securely integrate and link disparate clinical and administrative data holdings to create Ontario Breast Cancer Screening Program (OBSP), Ontario Cervical Screening Program (OCSP) and Colon Cancer Check (CCC) Screening records for a Cancer Person in context to provider and facility to enable Siebel Screening Operations, campaign management and reporting functions.

Need for Personal Health Information (PHI): PHI is required to support Screening Operations, campaign management, and reporting functions.

Data Types:

• Ontario Health Derived Cohort

Data Provider:

• Ministry of Health
• Laboratory
• Hospital
• Statistics Canada
• Siebal Call Centre

Screening Hub Stage - Client Agency Program Enrollment (CAPE)

Statement of Purpose: The purpose of this data holding is to securely store patient enrolment data and information about associations of each enrolled Ontarian with a specific physician at a specific agency in a formally recognized program (e.g., a Family Health Team).

Need for Personal Health Information (PHI): The PHI is required to identify physicians in Ontario who have rostered patients and to compile a list of eligible rostered patients who will be invited to participate in the cancer screening program. This is a core asset for the Ontario Cancer Screening Registry (OCSR).

Data Types:

• Care Provider
• Demographic

Data Provider:

• Ministry of Health

Screening Hub Stage - Claims History Database (CHDB)

Statement of Purpose: The purpose of this data holding is to securely store data related to medical claims paid for by the Ontario Health Insurance Plan (OHIP) to all eligible health care providers for Claims related to Cancer Screening (OBSP, OCSP, CCC) and the Quality Management Partnership (QMP).

Need for Personal Health Information (PHI): PHI is required to enhance the establishment of a person's Screening record to inform Screening Operations (OBSP, OCSP, CCC), Campaign Management and Reporting.

Data Types:

• Care Provider
• Health Services

Data Provider:

• Ministry of Health

Screening Hub Stage- Colonoscopy Interim Reporting Tool (CIRT)

System no longer used, required for Data migration, Archive and Audit only.

Statement of Purpose: The purpose of this data holding is to securely store colonoscopy procedure information submitted by hospitals to support the Colon Cancer Check (CCC) program.

Need for Personal Health Information (PHI): This PHI is required to understand colonoscopy activity conducted within participating facilities from volume, wait time and quality perspectives. It is also used to determine funding and volume allocations across participating facilities.

Data Types:

• Care Provider
• Facilities
• Health Services
• Demographic
• Geographic

Data Provider:

• Hospitals

Gastrointestinal (GI) Endoscopy

Statement of Purpose: The purpose of this dataset is to securely store colonoscopy procedure information submitted by hospitals to support the Colon Cancer Check (CCC) program.

Need for Personal Health Information (PHI): This PHI is required for monitoring, evaluating, and reporting on GI endoscopy services. This database replaced the Colonoscopy Interim Reporting Tool (CIRT) in February 2017.

Data Types:

• Care Provider
• Facilities
• Health Services
• Demographic
• Geographic

Data Provider:

• Hospitals

Fecal lmmunochemical Test (FIT) database

Statement of Purpose: The purpose of this data holding is to securely store data collected from laboratories about FIT results to support the Colon Cancer Check (CCC) Program.

Need for Personal Health Information (PHI): PHI is required to manage the CCC program, monitor, evaluate and report on FIT volumes, lab quality.

Data Types:

• Geographic
• Care Provider
• Facilities
• Health Services
• Demographic

Data Provider:

• Participating Laboratories

Lab Reporting Tool (LRT)

Statement of Purpose: The purpose of this data holding is to securely store information from laboratories on fecal occult blood test (gFOBT) results for the Colon Cancer Check (CCC) program.

Need for Personal Health Information (PHI): The PHI is used to:

• Generate participant communications; and
• Monitor and report on gFOBT test volumes, geographic differences, test quality, and variations between participating laboratories to highlight the need for further awareness or education programs.

Data Types:

• Geographic
• Care Provider
• Health Services
• Demographic

Data Provider:

• Laboratories

Ontario Cancer Registry (OCR) Screening Subset

Statement of Purpose: The purpose of this data holding is to securely store a subset of the OCR for screening (OBSP, CCC, OBSP).

Need for Personal Health Information (PHI): PHI is required to support Ontario Cancer Screening Registry (OCSR) by identifying individuals who are ineligible for breast, colorectal and cervical screening.

Data Types:

• Ontario Health Derived Cohort

Data Provider:

• Ontario Health as Prescribed Entity

Screening Hub Stage - Registered Persons Database (RPDB)

Statement of Purpose: The purpose of this data holding is to securely store personal demographic information for all Screening eligible persons with health insurance coverage.

Need for Personal Health Information (PHI): PHI is required for the operationalization of Ontario Breast Cancer Screening Program (OBSP), Ontario Cervical Screening Program (OCSP) and Colon Cancer Check (CCC) screening to identify Ontarians who are eligible and could be invited to participate in the OBSP, CCC, and OCSP programs. It will also be used for identity validation and data linking for client cancer journey assessment.

Data Types:

• Geographic
• Demographic

Data Provider:

• Ministry of Health

Primary Care Screening Activity Report (PC SAR)

Statement of Purpose: This data holding contains information on primary care providers Screening Eligible rostered patients and their Ontario Breast Cancer Screening Program (OBSP), Ontario Cervical Screening Program (OCSP) and Colon Cancer Check (CCC) screening history.

Need for Personal Health Information (PHI): PHI is required to enable the client level report of screening information to providers to facilitate care.

Data Types:

• Ontario Health Derived Cohort

Data Provider:

• Screening Integration Hub
• Siebel

Sioux Lookout Zone Screening Activity Report (SLZ SAR)

Statement of Purpose: This data holding contains information on Sioux Lookout Zone Screening Eligible rostered patients and their Ontario Breast Cancer Screening Program (OBSP), Ontario Cervical Screening Program (OCSP) and Colon Cancer Check (CCC) screening history.

Need for Personal Health Information (PHI): PHI is required to enable the client level report of screening information to providers to facilitate care.

Data Types:

• Ontario Health Derived Cohort

Data Provider:

• Screening Integration Hub
• Siebel

CytoBase

Statement of Purpose: The purpose of this data holding is to securely store PAP test results collected from laboratories.

Need for Personal Health Information (PHI): PHI is required to facilitate the provision of health care related to cervical cancer screening through the Ontario Cancer Screening Registry (OCSR) and to allow OH to notify participants of their cervical screening results.

Data Types:

• Care Provider
• Health Services
• Demographic
• Geographic

Data Provider:

• Laboratories

Oracle Business Intelligence Enterprise Edition (OBIEE)

Statement of Purpose: The purpose of this data holding is to securely store and manage clinical and administrative data related Ontario Breast Cancer Screening Program (OBSP), Ontario Cervical Screening Program (OCSP) and Colon Cancer Check (CCC) Screening records. OBIEE segmentation and Campaign Management is used for Correspondence inclusions and exclusions.

Need for Personal Health Information (PHI): PHI is required to provide segmentation of data which enables Siebel CRM, via Campaign Management, to generate invitation, reminder, and recall and test result notification correspondence for each of the three Cancer Screening modules (CCC, OCSP and OBSP).

Data Types:

• Ontario Health Derived Cohort

Data Provider:

• Screening Integration Hub
• Siebel

Ontario Breast Cancer Screening Program (OBSP) Database

Statement of Purpose: The purpose of this data holding is to securely store breast cancer screening information collected through the Integrated Client Management System (ICMS) for clients participating in the OBSP.

Need for Personal Health Information (PHI): PHI is for OBSP client management and operations, including clinical results, direct client interactions and correspondence.

Data Types:

• Care Provider
• Facilities
• Health Services
• Geographic
• Demographic

Data Provider:

• Ontario Breast Screening Program (OBSP) sites

Registered Nurse Flexible Sigmoidoscopy (RNFS)

Statement of Purpose: The purpose of this data holding is to securely store data submissions from sites participating in the Colon Cancer Check (CCC) screening program.

Need for Personal Health Information (PHI): PHI is required by the Screening Integration Hub and Siebel

to administer the CCC screening program and ensure quality control.

Data Types:

• Care Provider
• Facilities
• Health Services
• Geographic
• Demographic

Data Provider:

• Participating RNFS sites

Correspondence Feedback File

Statement of Purpose: The purpose of this data holding is to securely store feedback information regarding address corrections, mailing status and returned mail from cancer screening correspondence operations.

Need for Personal Health Information (PHI): PHI is required by the screening integration hub and Siebel for the Ontario Cancer Screening (OCR) correspondence operations.

Data Types:

• Geographic

Data Provider:

• Address information from Canada Post (via Fulfillment House)
• Correspondence from Ontario Health
• Screening Integration Hub

Ontario Health (Cancer Care Ontario) as an institution under the Freedom of Information and Protection of Privacy Act is required to publish an index of all personal information banks. In addition to the personal information bank, Ontario Health makes available a list of its Ontario Health Data Holding List and Health Information Network Provider (HINP) Services.

Trillium Gift of Life Network

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Trillium Gift of Life Network Act, R.S.O. 1990, c. H.20, s. 8.20.(1)

Personal Information Maintained (Data Elements):

• Referral & Consultation Data
• Referral & consultation data
• Living donor
• Kidney waitlist
• Kidney transplant

Disclosure: Regional Renal Programs

Uses: For purposes that a Prescribed Entity may use and disclose PHI in accordance with subsection 45 of PHIPA and subsection 18 of PHIPA Regulation as it relates to tissue donations or transplants, including:

1. increasing the rate of kidney transplants in Ontario;
2. support quality improvement initiatives relate to kidney transplants and living kidney donations.

Users: Ontario Health Analytics and Ontario Renal Network

Individuals in Bank: Tissue donations or transplant data

Retention & Disposal: As per Data Sharing Agreement with TGLN, Ontario Health may retain the TGLN Data indefinitely provided that Ontario Health continues to require the TGLN Data for the Ontario Health Purposes. Data is destroyed in accordance with the Digital Media Disposal Standard.

Patient and Family Advisor (Person Centered Care)

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Cancer Act, R.S.O. 1990, c. C.1, s. 5

Personal Information Maintained (Data Elements):

• Contact information including address
• Personal opinions and experiences

Disclosure:

• Regional Cancer Centres (RCCs)/Integrated Cancer Program Host Hospitals
• Other Patient and Family Advisors
• Partner organizations including the Ministry of Health and Health Quality Ontario

Uses: Drive system level quality improvement and fulfill OH(CCO) mandate.

Users: Person Centered Care Patient and Family Advisor staff.

Individuals in Bank: Patient and Family Advisors with respect to cancer.

Retention & Disposal:

• For individuals who are not selected as a Patient, Family Advisors (PFA), forms will be retained for 3 years.
• As per the Participation Agreement with PFAs, the PFA’s information will be retained for the period of time required to fulfill the purpose for which it was collected.
• Data is destroyed in accordance with the Digital Media Disposal Standard.

Patient and Family Advisor (Ontario Renal Network)

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Memorandum of Understanding and Accountability Agreement with Ministry of Health.

Personal Information Maintained (Data Elements):

• Contact information including address
• Personal opinions and experiences

Disclosure:

• Regional Renal Program (RRP) staff and RRP/Host Hospitals
• Other Patient and Family Advisors (i.e. RRP Advisors, Regional Renal Advisors or RRP Host Hospital Advisors; frequently referred to as non- Ontario Health Advisors)
• Partner organizations including the Ministry of Health and Health Quality Ontario

Uses: Drive system level quality improvement and fulfill Ontario Health mandate

Users: Ontario Renal Network Patient and Family Advisor staff

Individuals in Bank: Patient and Family Advisors with respect to renal

Retention & Disposal:

• For individuals who are not selected as a PFA, forms will be retained for 3 years.
• As per the Participation Agreement with PFAs, the PFA’s information will be retained for the period of time required to fulfill the purpose for which it was collected.
• Data is destroyed in accordance with the Digital Media Disposal Standard.

City of Toronto

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Memorandum of Understanding and Accountability Agreement between Ontario Health and the Ministry of Health.

Personal Information Maintained (Data Elements):

• Patient information including their contact information
• Date of enrollment
• Date of cancellation
• Other administrative data

Disclosure: Regional Renal Programs

Uses:

• To determine eligibility for the water rebate portion under the Home Hemodialysis Utility Grant
• The Ontario Renal Network uses this information to calculate grant amount which will be shared with the Regional Renal Program

Users: ORN Analytics and ORN Funding Policy and Operations

Individuals in Bank: Applicants to Home Dialysis Water Rebate Program

Retention & Disposal: As per Data Sharing Agreement with City of Toronto, Ontario Health may retain the data indefinitely provided that Ontario Health continues to require the data for the Ontario Health Purposes. Data is destroyed in accordance with the Digital Media Disposal Standard.

Case-by-Case Review Program (CBCRP)

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority:

• Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A , s.45(5), s.39(1)(a) and s. 49(6)
• Cancer Act, R.S.O. 1990, c. C.1, s.5

Personal Information Maintained (Data Elements):

• Patient demographic information
• Patient clinical data

Disclosure: Ministry of Health

Uses:

• For health system planning
• To determine or verify eligibility for reimbursement

Users: CBCRP program staff

Individuals in Bank: Ontario cancer patients

Retention & Disposal: 50 years from the last date of access in accordance with Records series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Evidence Building Program (EBP)

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A, s.45(5), s.39(1)(a) and s. 49(6).

Personal Information Maintained (Data Elements):

• Patient demographic information; and
• Patient clinical data

Disclosure: N/A

Uses: For health system planning; and to determine or verify eligibility for reimbursement

Users: Provincial Drug Reimbursement Program staff.

Individuals in Bank: Ontario cancer patients seeking coverage for Trastuzumab (Herceptin) and Oxaliplatin cancer drugs.

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Brachytherapy

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A, s.45(5), s.39(1)(a) and s. 49(6)

Personal Information Maintained (Data Elements):

• Patient demographic information
• Patient clinical data

Disclosure: N/A

Uses: For health system planning; and to determine or verify eligibility for reimbursement

Users: Radiation Treatment Program Staff

Individuals in Bank: Ontario cancer patients who have received brachytherapy treatment for prostate cancer patients.

Retention & Disposal: 50 years from the last date of access in accordance with Records series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Complex Malignant Hematology (CMH) – Fellowship and Nurse Practitioner Mentorship Programs

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Cancer Act, R.S.O. 1990, c. C.1, s.5

Personal Information Maintained (Data Elements):

• First name
• Last name
• Employment start date
• Mentorship start/end date

Disclosure: N/A

Uses:

• Drive system level quality improvement and fulfill OH(CCO) mandate
• The Ontario Health Models of Care uses this information to calculate honorarium for Mentorship Host Sites and a stipend to the Regional Cancer Centres to support mentees

Users: Ontario Health New Ambulatory Models of Care, Ministry of Health

Individuals in Bank:

• CMH Nurse Practitioner Mentor and Mentees
• Acute Leukemia (AL) and Hematopoietic Cell Transplantation (HCT) fellows

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Anti-Thymocyte Globulin (ATG) for Aplastic Anemia

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Cancer Act, R.S.O. 1990, c. C.1, s.5

Personal Information Maintained (Data Elements):

• Heath card number
• Postal code
• Dosage amounts

Disclosure: N/A

Uses: To conduct reimbursements of ATG drugs for Aplastic Anemia patients and to fulfill Ontario Health mandate.

Users: Ontario Health Internal Program Teams, Acute Leukemia Service Sites, CMH Advisory Committees and Steering Committees, and CMH Executive Sponsors.

Individuals in Bank: Anti-Thymocyte Globulin (ATG) for Aplastic Anemia Patients

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Chimeric Antigen Receptor (CAR) T-Cell Therapy

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority:

• Cancer Act, R.S.O. 1990, c. C.1, s.5
• Memorandum of Understanding and Accountability Agreement between Ontario Health and the Ministry of Health

Personal Information Maintained (Data Elements):

• Patient demographic information;
• Health Card Number; and
• Treatment information;

Disclosure: Ministry of Health and Heath Information Custodians

Uses: To conduct reimbursements of CAR T-cell Therapy and to fulfill Ontario Health mandate.

Users: Ontario Health Internal Program Teams, Ministry of Health

Individuals in Bank: Chimeric Antigen Receptor (CAR) T-Cell Therapy Patients.

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Carfilzomib

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Cancer Act, R.S.O. 1990, c. C.1, s.5

Personal Information Maintained (Data Elements):

• Patient ID Number
• Patient Name
• Patient Province
• Date of Birth
• Current Physician Name
• Dosage Data

Disclosure: N/A

Uses: To enroll patients into the New Drug Funding Program and process reimbursement claims.

Users: New Drug Funding Program

Individuals in Bank: Chemotherapy patients who were receiving the drug Carfilzomib funded by Amgen’s Victory Program.

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Quality Management Partnership

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A , s.45(5)

Personal Information Maintained (Data Elements):

• Physician Name
• CPSO Number
• Individual performance indicators

Disclosure: Quality indicators are disclosed to the individual physician to whom they relate as part of a quality management report.

Uses:

• Reporting of quality indicators for mammography and colonoscopy services at the facility, regional and provincial levels
• Reporting of quality indicators at the individual physician level
• Supporting peer discussions and facilitated feedback discussion to improve healthcare quality

Users: Ontario Health Quality Reporting and Improvement Team

Individuals in Bank:

• All physicians in Ontario who read mammograms;
• All physicians in Ontario who perform endoscopies and colonoscopies

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Asbestos Workers Registry

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Cancer Act, R.S.O. 1990, c. C.1, s.5

Personal Information Maintained (Data Elements):

Information on workers working within particular types of operations involving asbestos:

• Demographic data
• Contact information
• Employer information
• Employment information

Disclosure: N/A

Uses: Research Project: Mortality and Cancer Incidence among Workers in the Ontario Asbestos Worker Registry

Users: Researchers within the Occupational Cancer Research Centre (OCRC) at Ontario Health. 

Individuals in Bank: Workers working within particular types of operations involving asbestos pursuant to Ontario Regulation 278/05 of the Occupational Health and Safety Act.

Retention & Disposal: Data will be destroyed 7 years after the Research Project completion and no copies of the data will be retained.

Complex Malignant Hematology Fellowship

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A , s.45(5)

Personal Information Maintained (Data Elements):

Information on the individuals who enroll in the Fellowship program, including:

• Training start and end dates
• Interruptions during their training
• Location of their post-fellowship position

Disclosure: N/A

Uses: Ontario Health is providing funding to 3 CMH Fellowship training sites (Juravinski Cancer Centre, The Ottawa Hospital Cancer Centre, Princess Margaret Cancer Centre) as salary support for new Acute Leukemia (AL) and hematopoietic cell transplantation (HCT) fellows. The data that we are asking these training sites to provide will help us track the number of fellows who have completed the program and the location of their practice post-fellowship.

Users: New Ambulatory Models of Care (NAMoC) (CPQI – System Improvement and Integration). Ministry of Health

Individuals in Bank: Individuals enrolled in the Fellowship program

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Death (Mortality) Data

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A , s.45(5)

Personal Information Maintained (Data Elements):

• Administrative data
• Demographic data

Disclosure: Statistics Canada (for Canadian Cancer Registry) and NAACCR (deidentified)

Uses: For planning and management purposes and to measure cancer survival.

Users: Ontario Health analytics staff

Individuals in Bank: All deaths in Ontario

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

Ontario Health Study (Cancer Cohort)

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Cancer Act, R.S.O. 1990, c. C.1, s.5

Personal Information Maintained (Data Elements):

Information on workers working within particular types of operations involving asbestos:

• Demographic data
• Contact information including address
• Employer information
• Employment information

Disclosure: Approved researchers who have an approved Research Ethics Board Application and approval from Ontario Health Data Disclosure Subcommittee for cancer registry data of Ontario Health Study participants with a diagnosis of cancer.

Uses: For research related purposes.

Users: Ontario Health Data Analysts

Individuals in Bank: Individuals who have consented to participate in the Ontario Institute of Cancer Research’s Ontario Health Study.

Retention & Disposal: Data will be destroyed within 5 days of termination of the data sharing agreement between Ontario Health and the Ontario Institute of Cancer Research.

Employee Personal Information

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Cancer Act, R.S.O. 1990, c. C.1, s. 8

Personal Information Maintained (Data Elements): Information on employees includes names; date of birth; home address and contact information; employment, promotion and termination letters; banking information; benefits and beneficiaries; performance assessments.

Disclosure: N/A

Uses: Ontario Health uses the personal information of its employees to deliver human resources services and manage employment relationships.

Users: Ontario Health Human Resources staff and individual CCO employees.

Individuals in Bank: Ontario Health employees, contractors and consultants.

Retention & Disposal: Individual Employee Files: period of 10 years after end of employment as per Records Series 074.001. Individual Employee Pay Records: Retention period of 6 years as per Records Series 074.002. Data is destroyed in accordance with the Digital Media Disposal Standard.

Ontario Health Out-of-Country (OOC) Cancer Applications

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority: Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A , s.45(5), s.39(1)(a) and s. 49(6).

Personal Information Maintained (Data Elements):

• Patient’s First and Last Name
• Health Card Number
• Medical History

Disclosure: Ministry of Health

Uses:

• For health system planning
• To determine or verify eligibility for reimbursement

Users: Ontario Health OOC program staff

Individuals in Bank: Applicants to Ministry of Health’s Out-of-Country Program related to specific cancer requests

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed in accordance with the Digital Media Disposal Standard.

CCO Positron Emission Tomography (PET) Scan

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority:

• Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A , s.45(5), s.39(1)(a) and s. 49(6);
• Cancer Act, R.S.O. 1990, c. C.1, s.5

Personal Information Maintained (Data Elements):

• Patient demographic information
• Health Card Number
• Treatment information

Disclosure: N/A

Uses:

• For health system planning
• To determine or verify eligibility for reimbursement

Users: Ontario Health Cancer Imaging and Drug Reimbursement program staff

Individuals in Bank: Ontario patients requiring PET Scans

Retention & Disposal: 50 years from the last date of access in accordance with Records Series 900. Data is destroyed following the Digital Media Disposal Standard.

Out-of-Country Hemodialysis Reimbursement Program

Location: Stored in secure location subject to Ontario Health Internal Data Access Request process.

Authority:

• Direct collection from individuals is necessary for the proper administration of a lawfully authorized activity Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. F.31, s. 38(2)
• Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A , s.45(5), s.39(1)(a) and s. 49(6).

Personal Information Maintained (Data Elements):

• First Name and Last Name
• Health Card Number
• Date of Birth
• Sex
• Mailing address
• Residence address
• Telephone number
• Facility and Treatment Information
• Banking information

Disclosure:

• Ministry of Health
• Kidney Foundation of Canada

Uses:

• Process claims
• For health system planning
• To determine or verify eligibility for reimbursement

Users:

• ORN Funding Policy and Operations Team
• Information Program Team
• Finance

Individuals in Bank: Claimants for Out-of-Country Hemodialysis Reimbursement Program

Retention & Disposal: Seven (7) years from the date of collection