Skip to Main Content Go to Sitemap
SickKids

Epic: SickKids & CHEO Health Information Network Providers (HINPs) Statement

The Hospital for Sick Children (SickKids) and the Children's Hospital of Eastern Ontario (CHEO) have established a shared electronic health record system (called Epic) to enhance the delivery of healthcare services and improve patient outcomes. For the provision of this service, SickKids and CHEO are both considered Health Information Network Providers (HINPs), and are committed to ensuring the privacy, security, and confidentiality of personal health information (PHI) within this shared system.

The shared Epic instance facilitates the seamless exchange of PHI between SickKids and CHEO, and between these hospitals and care providers in the community, enabling healthcare providers to access comprehensive patient records, streamline care coordination, and support clinical decision-making. This collaboration aims to enhance patient care by providing timely and accurate information to authorized healthcare professionals.

SickKids makes Epic available to providers in the surrounding region (including the GTA and other areas of Canada) to access the personal health information of patients seen at SickKids to continue to care for patients. CHEO makes Epic available to care providers in the surrounding region (including Eastern Ontario, Northern Ontario and Quebec) to access the personal health information of patients seen at CHEO to continue to provide care for patients. SickKids and CHEO may also enable access to Epic for other purposes, as permitted under Ontario’s Personal Health Information Protection Act (PHIPA).

SickKids and CHEO, in their roles as the health information network provider (HINP), is to implement and manage Epic. This includes providing services such as hosting the solution, providing end-user support and providing additional supports.

SickKids and CHEO have established robust governance structures to oversee the management and operation of the shared Epic instance. Both organizations are responsible for ensuring compliance of Epic with applicable privacy legislation.

To safeguard PHI, SickKids and CHEO have implemented stringent privacy and security measures, including, but not limited to:

  • Access controls: Role-based user access limits access to PHI to only authorized personnel with approved organizations and only to the PHI needed to support care
  • Security controls: All PHI in Epic is encrypted and protected on the network to protect against unauthorized access
  • Training: Staff members at all organizations receive regular privacy training to ensure they understand their responsibilities in protecting PHI, and the strict guidelines under which they may access or use Epic. Staff members must agree to abide by these restrictions.
  • Monitoring: All user and system activities are logged, and can be audited for appropriateness.
  • Incident management: Both organizations have comprehensive incident management processes in place to promptly address any privacy breaches or security incidents.

Patients have the right to access their PHI within the shared Epic instance. Requests for access can be directed to SickKids or CHEO. Patients also have the right to request corrections to their PHI if they believe it is inaccurate or incomplete. Patients should direct requests to the institution where they are receiving care.

For more information about the shared Epic instance or to exercise your rights under PHIPA, please contact:

Home / Patients & Visitors / Privacy & Your Information / Epic: SickKids & CHEO Health Information Network Provider (HINP) Statement
Back to Top