Download our electronic medical records standard
Electronic medical records (EMRs) help healthcare workers deliver services safely and efficiently. Electronically recording, storing and accessing patient information reduces the potential for errors and makes it easier to share materials and collaborate.
Privacy and security are key pillars in the healthcare industry and are even more critical as EMR use increases. But EMR teams, their patients and other stakeholders face a jurisdictional patchwork of privacy and security requirements across Canada which can be difficult to implement without a common framework. Furthermore, most existing requirements insufficiently incorporate emerging technologies such as decentralized identity and blockchain that can strengthen the privacy and security of EMRs.
“The need for privacy in electronic medical records is an absolute must and cannot be overemphasized: it is an essential feature of preserving the privacy of one’s health information, which comprises our most sensitive personal information.”
—Dr. Ann Cavoukian, Executive Director, Global Privacy and Security by Design Centre Inc. and former three-term Information and Privacy Commissioner of OntarioWe saw an opportunity to help EMR users and providers protect patients’ personal health information and collaborated with TELUS to create a standard for privacy and security in EMRs. This common standard provides a trust framework that can help accelerate EMR adoption, which will improve patient safety as well as the continuity, quality and efficiency of care.
The PwC Privacy and Security Standard for EMRs sets out controls that can be implemented when designing and building EMR solutions. This helps EMR users address their particular privacy and security needs and meet regulatory requirements—letting clinicians focus on delivering healthcare services, rather than questioning how to best protect their patients’ medical information.
Our standard is broken into two sections. The first covers organizational requirements, such as governance, trust and accountability. The second section contains technical requirements across eight domains including consent, limiting use, disclosure and retention, and patient rights management.
Both sections provide guidance to EMR users and providers on meeting privacy and security requirements and include evaluation criteria used by assessors to make sure the requirements are adequately addressed.
Better secure and protect patient privacy through EMRs
Support buy-in and adoption of EMRs in the absence of a Canadawide legislative or proven interoperable solution
Promote and inspire patient and citizen trust in EMRs
This standard doesn’t aim to replace provincial or federal regulations. But we’ve seen through our work, including our previous collaboration with TELUS on a privacy and security standard for virtual care, how trust and transparency is crucial for patients, healthcare professionals and service providers.
Your privacy program can be part of a broader data trust strategy that considers how your organization governs, discovers, protects and minimizes the amount of data it holds. This helps you move beyond compliance and lets you use data with confidence to build trust with patients and sustainably enhance the care they receive.
This EMR privacy and security standard was developed in collaboration with TELUS, a technology company with a long-standing commitment to protecting privacy. To learn more, visit www.telus.com.
1 Chad Leaver, “Use of Electronic Medical Records among Canadian Physicians 2017 Update,” Canada Health Infoway, August 31, 2017, https://www.infoway-inforoute.ca/en/component/edocman/3362-2017-cma-workforce-survey-digital-health-results/view-document?Itemid=0.
2 “2021 National Survey of Canadian Physicians,” Canada Health Infoway and Canadian Medical Association, August 11, 2021, https://www.infoway-inforoute.ca/en/component/edocman/3935-2021-national-survey-of-canadian-physicians/view-document?Itemid=0.
National Data Trust & Privacy Practice Leader, PwC Canada
Tel: +1 416 869 2384
Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada
Tel: +1 416 815 5306