The Security, Privacy and Risk Management (SPRM) team at Community Care Information Management (CCIM) is positioned within the Solutions Group. The team works to protect the privacy of client information and the access to it. It ensures that security controls are integrated into all project solutions by providing Security Architecture Solutions and conducting Threat/Risk Assessments (TRAs) and Privacy Impact Assessments (PIA) to mitigate the risk to CCIM and its projects.

In Ontario, Personal Health Information (PHI) is collected by health care providers every time a client uses the health care system. PHI is used to identify the person and to provide care providers with information about personal and family health history and about previous visits to physicians.

Ontario introduced the Personal Health Information Protection Act, 2004 (PHIPA) to protect a client’s right to privacy and their personal data against unauthorized disclosure and use. CCIM’s clients are custodians of PHI and must abide by PHIPA.

SPRM ensures that security and privacy standards are embedded in all projects and intellectual property to protect PHI and Personal Information (PI). The team also builds safeguards to protect the personal and confidential information of contractors and business partners.

The team ensures that safeguards and controls only allow authorized users to access client information. This guarantees that PHI and/or PI are private and accessible only by those who have permission to view it for the purpose of providing approved services.