×

Warning message

The installed version of the browser you are using is outdated and no longer supported by Konveio. Please upgrade your browser to the latest release.

CAN/DGSI 100-5:202X , Data Governance: Part 5 - Health data and information capability framework (D3)

Technical Committee Review

This standard specifies the minimum requirements for organizations to define the depth, diversity, and complexity of capabilities, including criteria to assess the degree to which the capability is mature and consistently applied across an organization’s data assets and processes.

The framework also aims to help networks of organizations (e.g., multiple agencies within a jurisdiction) understand the alignment required within the network for a given Health Data and Information (HDI) capability through:

  • Identifying the need for and extent of alignment required of their HDI principles, practices and content where it is practical and beneficial toward achieving common aims; and
  • A common language for multi-organizational collaboration as a basis for exchange of leading practices and lessons learned in a meaningful and constructive way that fosters improvement and alignment.

The framework is not intended to prescribe how these capabilities and related processes should be implemented. Individual organizations will need to design or refine their own policies, processes and practices given their scope, mandate, priorities and legislative authorities.

DATE POSTED: January 31, 2025

DEADLINE FOR COMMENTS: March 31, 2025
File name:

-

File size:

-

Title:

-

Author:

-

Subject:

-

Keywords:

-

Creation Date:

-

Modification Date:

-

Creator:

-

PDF Producer:

-

PDF Version:

-

Page Count:

-

Page Size:

-

Fast Web View:

-
Choose an option Alt text (alternative text) helps when people can’t see the image or when it doesn’t load.
Aim for 1-2 sentences that describe the subject, setting, or actions.
This is used for ornamental images, like borders or watermarks.
Preparing document for printing…
0%
Drag
Document is loading Loading Glossary…
Powered by Konveio
View all

Comments

Close

Commenting is closed for this document.

Rebecca Feb 10 2025 at 4:24PM on page 30

Editorial
Is it important to also explicitly include CASL (Canada's Anti-Spam Legislation) as it can be relevant to health data interchange, particularly in communication with patients?

Example: A hospital shares patient data with a specialized clinic to improve referral processes. If, as a result of this data sharing, the clinic automatically sends an email to the patient promoting their services and inviting them to book an appointment.

If the primary purpose of this email is deemed to be promoting the clinic's services (a commercial activity), it could be a CEM. If the clinic doesn't have express consent from the patient to send promotional emails, or if the email doesn't fully comply with CASL (identification, unsubscribe), it's a violation. The data exchange initiated the communication and the risk is that the patient might perceive this as unsolicited marketing resulting from their health data being shared, leading to a breach of trust and potential CASL complaints.
replies

Rebecca Feb 10 2025 at 4:23PM on page 29

Editorial
The clause focuses on new projects but doesn't explicitly mention the need for PIAs to be living documents that are reviewed and updated periodically, or when significant changes occur to existing systems or processes.
replies

Rebecca Feb 10 2025 at 4:23PM on page 28

Technical
I wonder if the language around "anonymization and de-identification" should be strengthened. Anonymization methods can be easily reversible if not implemented correctly. I’m unsure if there are specific industry or legal standards in Canada to reduce the risk of re-identification and potential privacy breaches.
replies
View all