Privacy Impact Assessment Summaries
System and Organization Controls (SOC) 2 audit of a third party service provider |
Year Completed: 2023
Summary: The purpose of this audit report is to summarize the tests of privacy and information security controls that are in place at a third-party service provider. Year Reviewed: |
Non-Invasive Prenatal Testing (NIPT) data enhancements |
Year Completed: 2024
Summary: The purpose of this PIA is to assess privacy risks associated with amendments to the collection of personal health information (PHI) for the NIPT encounter in the BORN Information System. Year Reviewed: |
Diagnostic Evaluation Report Form (DERF) enhancements |
Year Completed: 2024
Summary: The purpose of this PIA is to assess the privacy risks associated with amendments to collection, use, and disclosure of DERF data, a component of Prenatal Screening Ontario data in the BORN Information System. Year Reviewed: |
Respiratory Syncytial Virus (RSV) reports to public health units (PHUs) |
Year Completed: 2024
Summary: The purpose of this PIA is to assess the privacy risks associated with the collection and use of prenatal RSV vaccine status and infant monoclonal antibody immunization status and the subsequent disclosure of these data to PHUs for those PHUs to upload to the Public Health Information Exchange (PHIX) system (aka Panorama). Year Reviewed: |
Use of Microsoft PowerBI for reporting |
Year Completed: 2024
Summary: The purpose of this PIA is to assess current and future risks relating to implementing the Microsoft PowerBI reporting functionality in the existing BORN Microsoft Azure environment as a complement to the BORN Information System and other data holdings of personal health information. Year Reviewed: |
Infant Death Registration Data linked to BORN Information System (BIS) data |
Year Completed: 2024
Summary: The purpose of this PIA is to assess the collection and use of the data contained within the infant death registration files received by BORN as a one-time historical extract from the Registrar General of Ontario. Year Reviewed: |
Paediatric Diabetes Registry (PDR) |
Year Completed: 2024
Summary: The purpose of this conceptual PIA is to identify the privacy impact and privacy risks associated with BORN’s collection, use, and disclosure of data in a new component of the BORN Information System. The PDR contains personal health information collected from Ontario’s Paediatric Diabetes Education Programs about the characteristics or health of children and adolescents living with diabetes. Year Reviewed: |
Fetal Blood Group Genotyping (fetal BGG) Screening |
Year Completed: 2024
Summary: The purpose of this conceptual PIA is to identify the privacy impacts and privacy risks associated with a new component of BORN’s Prenatal Screening Ontario data. This includes coordinating the implementation of two new prenatal fetal BGG screening tests. Year Reviewed: |
Midwifery Unaccommodated Client data in the BORN Information System (BIS) |
Year Completed: 2024
Summary: The purpose of this PIA is to assess privacy risks and impacts associated with migrating midwifery unaccommodated client data and reporting from the Midwifery Invoice System to the BIS. Year Reviewed: |
Midwifery Invoice System (MIS) rebuild |
Year Completed: 2024
Summary: The purpose of this PIA is to assess privacy risks and impacts to BORN associated with the rebuild of the MIS. The MIS is not considered a BORN data holding of personal health information. Year Reviewed: |
BORN Microsoft Azure Hosted Technology |
Year Completed: 2023
Summary: The purpose of this PIA is to identify the privacy impacts and privacy risks associated with changes to BORN’s suite of core technologies. Specifically, the PIA assesses changes to the use of the BORN Information System (BIS) since the 2020 PIA, migration of the PHI vault and science infrastructure to BORN’s Microsoft Azure Cloud, and implementation of a new cloud-hosted secure file transfer protocol (sFTP) solution. Year Reviewed: |
Fast Healthcare Interoperability Resources (FHIR) application for BORN clinical data integrations |
Year Completed: 2022
Summary: The purpose of this PIA is to assess the implementation of the FHIR application that would enable data contributors to review and correct errors in patient information submitted through clinical data integrations established between contributor electronic record systems and the BORN information system (BIS). BORN did not proceed with integration of the FHIR app. Year Reviewed: |
BORN Data Warehouse |
Year Completed: 2021
Summary: The purpose of this PIA is to assess the privacy risks associated with the implementation and use of the BORN data warehouse, as well as identify privacy-related considerations for a future business intelligence solution. Year Reviewed: |
Healthy Babies Healthy Children (HBHC) BORN Program |
Year Completed: 2018
Summary: The purpose of this PIA is to assess the privacy impact and privacy risks associated with BORN collecting personal health information for the HBHC screening program, and additional data about children’s height, weight, and lifestyle to facilitate the province’s primary care Healthy Growth Initiative. Year Reviewed: |
BORN Information System (BIS) migration to the cloud |
Year Completed: 2018
Summary: The purpose of this PIA is to assess the privacy impacts and privacy risks associated with migrating the BIS from the CHEO Information Technology Shared Services Department hosting infrastructure into the Microsoft Azure Cloud. Year Reviewed: |
Various BORN Information System (BIS) enhancements |
Year Completed: 2016
Summary: The purpose of this PIA is to assess the privacy risks of enhancements to the BIS, specifically relating to the ImmunizeCA project, the Ontario Perinatal Record and data pre-population projects, and the public health data cube (an analysis tool) project. Year Reviewed: |
BORN Information System (BIS) message and other enhancements |
Year Completed: 2014
Summary: The purpose of this PIA is to assess the privacy risks relating to a group of initiatives and projects: 18 Month Enhanced Well Baby clinical encounter; CANS Autism Outcomes Assessments; in vitro fertilization clinics regarding treatments; midwifery unaccommodated clients; gestational diabetes; and a messaging system within the BIS. Year Reviewed: |
BORN Canadian Congenital Anomalies Surveillance System (CCASS) Implementation |
Year Completed: 2011
Summary: The purpose of this PIA is to assess the privacy risks relating to the implementation of the CCASS core set of national variables for the Champlain Local Health Integration Network. Year Reviewed: |
Delta PIA for BORN Information System (BIS) |
Year Completed: 2012
Summary: The purpose of the delta PIA is to assess privacy risks relating to enhancements to the BIS, including: to the Midwifery Invoice System to enable payment for midwifery services; to enable batch uploading of the antenatal records from physician electronic medical records; and to enable inclusion of assisted reproductive technology data in the BIS. Year Reviewed: 2024 |
Original PIA for the BORN Information System (BIS) |
Year Completed: 2011
Summary: The purpose of this PIA is to assess the development of privacy policies and controls prior to the implementation of the BIS at the Children's Hospital of Eastern Ontario. Year Reviewed: 2024 |
Original Ontario Perinatal Surveillance System (OPSS) for the Ministry of Health and Long-Term Care |
Year Completed: 2008
Summary: The purpose of this PIA is to provide the OPSS with pertinent information to facilitate and maintain an effective prescribed registry. This PIA identifies risks and mitigations associated with the OPSS. Year Reviewed: 2024 |