Site Search

Loading Results

Building trust in EMRs in support of improved patient outcomes

Electronic medical records (EMRs) help healthcare workers deliver services safely and efficiently. Electronically recording, storing and accessing patient information reduces the potential for errors and makes it easier to share materials and collaborate.

And EMRs are becoming more common across the country: statistics show EMR use by family doctors, general practitioners and other primary care physicians in Canada increased from 16% in 2004 to 90% in 2021.1,2

Privacy and security are key pillars in the healthcare industry and are even more critical as EMR use increases. But EMR teams, their patients and other stakeholders face a jurisdictional patchwork of privacy and security requirements across Canada which can be difficult to implement without a common framework. Furthermore, most existing requirements insufficiently incorporate emerging technologies such as decentralized identity and blockchain that can strengthen the privacy and security of EMRs.

“The need for privacy in electronic medical records is an absolute must and cannot be overemphasized: it is an essential feature of preserving the privacy of one’s health information, which comprises our most sensitive personal information.”

—Dr. Ann Cavoukian, Executive Director, Global Privacy and Security by Design Centre Inc. and former three-term Information and Privacy Commissioner of Ontario

Filling an EMR privacy and security gap

We saw an opportunity to help EMR users and providers protect patients’ personal health information and collaborated with TELUS to create a standard for privacy and security in EMRs. This common standard provides a trust framework that can help accelerate EMR adoption, which will improve patient safety as well as the continuity, quality and efficiency of care.

The PwC Privacy and Security Standard for EMRs sets out controls that can be implemented when designing and building EMR solutions. This helps EMR users address their particular privacy and security needs and meet regulatory requirements—letting clinicians focus on delivering healthcare services, rather than questioning how to best protect their patients’ medical information.  

Who this report is for:

  • Clinics and healthcare provider networks using EMRs
  • Practitioners and IT teams responsible for EMR solutions
  • EMR solution providers
  • Privacy and information security officers
  • Architects and developers
  • Independent assessment bodies

A framework for building trust in EMRs

Our standard is broken into two sections. The first covers organizational requirements, such as governance, trust and accountability. The second section contains technical requirements across eight domains including consent, limiting use, disclosure and retention, and patient rights management.

Both sections provide guidance to EMR users and providers on meeting privacy and security requirements and include evaluation criteria used by assessors to make sure the requirements are adequately addressed.

This standard helps organizations that use EMRs understand how to: 

Better secure and protect patient privacy through EMRs

 

Support buy-in and adoption of EMRs in the absence of a Canadawide legislative or proven interoperable solution

Promote and inspire patient and citizen trust in EMRs

This standard doesn’t aim to replace provincial or federal regulations. But we’ve seen through our work, including our previous collaboration with TELUS on a privacy and security standard for virtual care, how trust and transparency is crucial for patients, healthcare professionals and service providers.

Your privacy program can be part of a broader data trust strategy that considers how your organization governs, discovers, protects and minimizes the amount of data it holds. This helps you move beyond compliance and lets you use data with confidence to build trust with patients and sustainably enhance the care they receive. 

This EMR privacy and security standard was developed in collaboration with TELUS, a technology company with a long-standing commitment to protecting privacy. To learn more, visit www.telus.com.

1 Chad Leaver, “Use of Electronic Medical Records among Canadian Physicians 2017 Update,” Canada Health Infoway, August 31, 2017, https://www.infoway-inforoute.ca/en/component/edocman/3362-2017-cma-workforce-survey-digital-health-results/view-document?Itemid=0.

2 “2021 National Survey of Canadian Physicians,” Canada Health Infoway and Canadian Medical Association, August 11, 2021, https://www.infoway-inforoute.ca/en/component/edocman/3935-2021-national-survey-of-canadian-physicians/view-document?Itemid=0.

Download the standard

PwC Privacy and Security Standard for Electronic Medical Records

Related Content

Contact us

​Jordan Prokopy

​Jordan Prokopy

National Data Trust & Privacy Practice Leader, PwC Canada

Tel: +1 416 869 2384

Linkedin Follow X Follow Email
Kathleen Champagne

Kathleen Champagne

Managing Director, Privacy Lead, PwC Canada

Tel: + 1 416 388 1385

Linkedin Follow Email
Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Linkedin Follow Email
Follow PwC Canada
Today's issues Top issues Acquisitions and Divestitures Building trust for today and tomorrow Compliance. Transformed. Crisis Cybersecurity, Privacy and Financial Crime Environmental, social and governance (ESG) Fit for Growth Future of finance Generative AI Workforce of the future
Insights All Insights Blogs CEO survey Cloud Technology Insights Director connect Generative AI Hub Podcasts Risk and Regulatory Hub Smart cities Strategy& strategy+business
Industries Industries Asset management Automotive Banking & capital markets Cannabis Consumer markets Energy Entertainment and media Financial services Government and Public Services Healthcare Industrial manufacturing Insurance Mining Power & utilities Private equity Real estate Technology sector Telecommunications innovation Transportation and logistics
Services Services Accounting Advisory Services Alliances Audit and Assurance Consulting Crisis and resilience Current Insolvency Assignments Data and analytics Deals Forensic Services Japanese Business Network Legal Managed Services Products PwC Private Risk Assurance Risk Modelling Services Tax Transformation and investment management
About us About Us 2024 new partners Board of directors Alumni Contact us Corporate responsibility Diversity, Equity, Inclusion and Belonging Ethics and Code of Conduct Our Canadian leadership team Our commitment to Truth and Reconciliation Our history Our offices locations Our people Our purpose, vision and values Press releases Procurement at PwC The New Equation Women in Leadership
Careers Careers Explore our business areas Student and new graduate opportunities Life at PwC Canada Benefits, flexibility and wellness Talent Community

© 2018 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.