SHIIP is housed within the authorized eHealth network which offers users a secure and trusted environment to access Personal Health Information (PHI). To comply with this practice, users are required to access the eHealth network through one of the hospitals in the South East LHIN.
Onboarding New Organizations
Registration and access to SHIIP is a multistep process that reviews many components from privacy to technical to ensure interested sites meet the requirements to adopt the use of SHIIP. To support the future adoption of other eHealth assets, the registration process with SHIIP has been modelled in reference to the eHealth process. This is to enable effective change management for sites to adopt the necessary structures.
Within this process, there are four key roles that need to be established:
- LRP – Legal Responsible Person: Signs the legal documents for a site. They identify the users that will require access to SHIIP, as well as validate each of these users with two pieces of identification.
- LRA – Local Registration Authority: Delegated role (from the LRP) that handles registration tasks for users. The LRA can be seen as a Super User for the site, and all issues/activities are coordinated with them.
- Privacy Officer/Lead – The role responsible for the privacy processes and procedures for the organization.
- Site Administrator – The role responsible to act as lead for the use of SHIIP. Also identified as the SHIIP site Champion.
Step One – Identification of LRP and LRA
It is important to establish the LRP and LRA at minimum to proceed with the registration process.
Step Two – Completion of the Privacy and Technical Readiness Assessments
Once a site has expressed interest, a meeting is scheduled in an interview format with the lead privacy and technical resources at the site to review the readiness assessments. These assessments seek to gather information that enables the use of SHIIP within the business environment. These include the reviewing specific policies, business practices or resources. These assessments total less than 30 questions and provide the basis that could be fed into assessments for other digital eHealth assets.
The assessments are reviewed jointly between the South East LHIN and the Kingston Health Sciences Centre (the HINP) on the basis of risk. If there are areas that need to be revisited, a remediation plan will be set in place to help the site mitigate the identified risk.
Step Three – Review of the SHIIP Accountabilities and Privacy Program Manual
The privacy program of SHIIP has documentation available to aid new sites to understand the responsibilities outlined in the participation agreements. The site executive team reviews all of the SHIIP agreements in support with the SHIIP privacy lead. Once complete, the executive team signs the Schedule E of the agreement.
Step Four – Education and Training Review
Education and training review can begin for the site to start the use of SHIIP. There are two categories of training required: Administrative and User.
Administrative training includes:
- LRA training to inform nominated Local Registration Authorities on the processes and responsibilities of being an LRA.
- Privacy Officer training to educate the privacy officer on the SHIIP privacy components. A privacy learning module is completed to satisfy the accountabilities outlined in the signed agreements.
- Site Administrator training to “train the trainer”. The Site Administrator is considered a super user and acts as the site champion to coordinate the resolution of issues with our Help Desk. There can be more than one Site Administrator (dependent on the organization’s size).
User training includes:
- Training users how to use SHIIP. This includes a basic overview of the tool, but it can be tailored if a specific workflow has been identified.
- Training users on the various privacy components of SHIIP. All users are required to complete this privacy training. This can be completed separately or integrated into the privacy practices within the organization.
The SHIIP team is working to develop self-directed modules for users to complete.
Step Five – Completion of Registration Forms
At this point, the site is now able to onboard the SHIIP users. The LRA must be the one to distribute appropriate forms. Once the forms are completed, they are returned to the LRP / LRA for verification and signature. All forms can then be scanned and emailed to SHIIP@lhins.on.ca. Forms that are not submitted by the site identified LRP / LRA will not be processed. For this reason, it is important that the LRP / LRA notify SHIIP@lhins.on.ca of any changes to their contact information.