Electronic Health Record Infostructure Privacy and Security Conceptual Architecture


Key Questions: What is the privacy and security architecture? What are the security requirements? What are the privacy and security standards?

This document describes a privacy-protective and secure conceptual architecture for Infoway's interoperable electronic health record infostructure (EHRi). Further refinement and implementation of this architecture will ensure that the privacy of patient/persons is protected and that the confidentiality, integrity, and availability of their personal health information (PHI) is maintained. Familiarity with the privacy and security conceptual architecture is essential to an understanding of the privacy and security services that the EHRi will provide and the impact these services will have in the future. 


  • Introduction
  • Privacy and Security Architecture Project
  • Overview of Privacy and Information Security Requirements
  • P&S Conceptual Architecture
  • EHRi Information Assets To Be Secured
  • Overview of P&S Services
  • P&S Services
  • Other EHRi Common Services with P&S Implications
  • Deploying the P&S Conceptual Architecture: Interim States
  • Governance of the EHRi
  • Privacy and Security Standards
  • Implications for Vendors of POS Systems
  • Appendix A Detailed Description of P&S Services
  • Appendix B Mapping P&S Requirements to P&S Services
  • Appendix C – Informational Consent
  • Appendix D – Candidate Conceptual Data Models
Contact Person/Organization: 

 Canada Health Infoway Inc.

Type of Tool:

Publication Date: