System and Organization Controls (SOC) 2 audit of a third party service provider 

Year Completed: 2023

Summary: The purpose of this audit report is to summarize the privacy and information security controls that are in place at a third-party service provider.  

Year Reviewed: 

Year Completed: 2024

Summary: The purpose of this PIA is to assess privacy risks associated with changes to the personal health information collected for the NIPT encounter in the BORN Information System. 

Year Reviewed: 

Summary: The purpose of this PIA is to assess the privacy risks associated with changes to the personal health information collected for the DERF, a component of Prenatal Screening Ontario data in the BORN Information System.

Summary: The purpose of this PIA is to assess the privacy risks associated with the collection and use of prenatal RSV vaccinestatus and infant monoclonal antibody immunization status and the subsequent disclosure of these data to PHUs for those PHUs to upload to the PHIX/Panorama system. 

Year Reviewed: 

 Use of Microsoft PowerBI for reporting 

Summary: The purpose of this PIA is to assess current and future risks to implementing Microsoft PowerBI as a business intelligence dashboard viewing tool within the BORN Information System and the BORN personal health information storage vault.

Year Reviewed: 

Summary: The purpose of this PIA is to assess the collection and use of the data contained within the infant death registration files received by BORN as a one-time historical extract from the Registrar General of Ontario.  

Year Reviewed: 

Summary: The purpose of this conceptual PIA is to identify the privacy impact and privacy risks associated with personal health information collected from Ontario’s Paediatric Diabetes Education Programs about the characteristics or health of children and adolescents living with diabetes. 

Year Reviewed: 

Summary: The purpose of this conceptual PIA is to is to identify the privacy impacts and privacy risks associated with the implementation of two new prenatal fetal BGG screening tests within BORN’s Prenatal Screening Ontario data in the BORN Information System.

Year Reviewed: 

Summary: The purpose of this PIA is to assess privacy risks and impacts associated with migrating midwifery unaccommodated client data from the Midwifery Invoice System to the BIS. 

Year Reviewed: 

Summary: The purpose of this PIA is to assess privacy risks and impacts associated with the rebuild of the MIS. The MIS is not considered a BORN data holding of personal health information. 

Year Reviewed: 

Summary: The purpose of this PIA is to identify privacy impacts and risks associated with changes to BORN’s suite of core technologies. Specifically, the PIA assesses changes to the BORN Information System (BIS) since the 2020 PIA, migration of the personal health information storage vault and science infrastructure to BORN’s Microsoft Azure Cloud, and implementation of a new secure file transfer protocol (sFTP) solution.

Year Reviewed: 

Summary: The purpose of this PIA is to assess the FHIR application that would enable data contributors to review and correct errors in personal health information submitted to the BORN information system (BIS).BORN did not proceed with implementing the FHIR app.  

Year Reviewed: 

Summary: The purpose of this PIA is to assess privacy risks associated with the implementation and use of the BORN data warehouse, as well as identify privacy-related considerations for a future business intelligence solution 

Year Reviewed: 

 Healthy Babies Healthy Children (HBHC) BORN Program

Summary: The purpose of this PIA is to assess privacy impact and risks associated with BORN collecting personal health information for the HBHC screening program, and additional data about children’s height, weight, and lifestyle to facilitate the province’s primary care Healthy Growth Initiative. 

Year Reviewed: 

Summary: The purpose of this PIA is to assess privacy impacts and risks associated with migrating the BIS from CHEO  infrastructure into the Microsoft Azure Cloud. 

Year Reviewed: 

Summary: The purpose of this PIA is to assess privacy risks of BORN Information System enhancements including: the ImmunizeCA project; the Ontario Perinatal Record and data pre-population projects; and the public health data cube (an analysis tool) project.   

Year Reviewed: 

Summary: The purpose of this PIA is to assess privacy risks relating to numerous changes to the BORN Information System including: the 18 Month Enhanced Well Baby clinical encounter; CANS Autism Outcomes Assessments; in vitro fertilization clinic treatments; midwifery unaccommodated clients; gestational diabetes; and a secure messaging system within the BIS.

Year Reviewed: 

Summary: The purpose of this PIA is to assess privacy risks relating to the CCASS core set of national variables for the Champlain Local Health Integration Network.

Year Reviewed: 

Summary: The purpose of the delta PIA is to assess privacy risks relating to several enhancements, including: to the Midwifery Invoice System to enable payment for midwifery services; to enable batch uploading of the antenatal records from physician electronic medical records; and to enable inclusion of assisted reproductive technology data in the BIS.

Year Reviewed: 2024

Summary: The purpose of this PIA is to assess the development of privacy policies and controls prior to the implementation of the BIS at the Children's Hospital of Eastern Ontario. 

Year Reviewed: 2024

Summary: The purpose of this PIA is to provide the OPSS with pertinent information to facilitate and maintain an effective prescribed registry. This PIA identifies risks and mitigations associated with the OPSS.  

Year Reviewed: 2024