Protecting Information

One of CIHI’s key responsibilities in delivering CIHI Portal is addressing privacy concerns. CIHI has been proactive in meeting this challenge by engaging ministries of health and seeking guidance from internal  privacy experts. Business and technical processes have been developed to protect information available in CIHI Portal accordingly.

All information released under CIHI Portal complies with CIHI’s privacy and confidentiality policies, as set out in Privacy and Confidentiality of Health Information at CIHI.

Service Agreement

CIHI requires that each participating site sign a Service Agreement that designates an organizational contact and formalizes the terms and conditions of use, including:

  • CIHI Portal provides access to confidential data that are facility-identifiable and patient de-identified
  • CIHI Portal data come from CIHI’s Discharge Abstract Database (DAD) and population data under licence from Statistics Canada
  • Access to CIHI Portal is contingent upon successful completion of the CIHI Portal’s education program (for a given user role)
  • Information from CIHI Portal is to be used solely for internal planning, research and analysis and decision-support activities
  • The organizational contact is responsible for identifying authorized users to CIHI and ensuring that these users are aware of the terms of the agreement
  • Users are subject to a current confidentiality/non-disclosure agreement with their employer

Privacy Impact Assessment (PIA)

CIHI has completed a Privacy Impact Assessment (PIA) for CIHI Portal. Users do not have access to the following data elements in CIHI Portal:

  • Health card number
  • Medical chart/abstract number
  • Date of birth (CIHI Portal does, however, include the patient’s age at the time of hospitalization)
  • Full postal code (CIHI Portal does, however, include geographic elements derived from the postal code)

Secure Environment

In order to protect the privacy of the data provided via CIHI Portal, a number of precautions have been implemented to create a secure environment:

  1. Only health care organizations that submit data to the related data holdings are eligible to participate
  2. Participating sites are held accountable for using CIHI Portal appropriately through signed Service Agreements
  3. Each user account is attached to a specific person
  4. Authentication is based on user ID and password
  5. Communications are encrypted
  6. The network, connections and user accounts are regularly monitored