Data Collection and Storage

Protecting patient privacy is paramount for us. Here’s how we do it.

Patient experience data collected by CPIN is always handled ethically and with the utmost care. Data is anonymized, aggregated and stored securely at all times. This de-identified data is collated and reported back to the primary care provider to enable the provider to complete Quality Improvement activities based on patient feedback. It may be linked to other administrative data to enable regional level assessment of patients’ experiences.

De-identified data may also be used to help advance research on primary health care in Canada. Data access and security are managed by the Institut du Savoir Montfort (ISM) in Ottawa. University-accredited researchers wishing to access the de-identified data for research must be vetted, credentialed and supervised by the ISM. Patient data will NEVER be sold to pharmaceutical companies or other private entities.

CPIN uses software developed by Cliniconex, an Ottawa-based IT company. Cliniconex software separates the patient's name from contact and demographic information by using physically separate data centres and service providers. A random identifier number (called a “Globally Unique Identifier” or GUID) replaces a patient’s name, and the key linking the two is stored separately.

Patient details are sent to a cloud-based Contact Memory Cache Server, located in a DigitalOcean data centre in Toronto, and a random token is created that serves as the Reference ID for the contact details. The Electronic Medical Record (EMR) API uses Transport Layer Security (“TLS”) with the 128-bit Advanced Encryption Standard (“AES”) algorithm when sending the information to the Contact Memory Cache Server.

Contact Memory Cache servers are specialized servers with no persistent storage; they store data solely in volatile memory. By default, the contact memory caches run a daily deletion of data older than 30 days. Outreach message information is rendered permanently de-identified. This non-identifiable data is kept for statistical, billing and evaluation purposes.

Processing surveys is handled by a third-party solution (SurveyMonkey). As the invitation to complete the survey is handled by Cliniconex, no information about the patient is sent to the survey system, just the random GUID that is part of the weblink. The survey system is configured to return anonymous survey results. No contact information or IP addresses are tracked.
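The separation described above can be sketched in a few lines of Python. This is an added illustration, not Cliniconex or CPIN code: the class and function names, the `survey.example` URL, the email-only contact record and the use of in-process dictionaries in place of physically separate services are all assumptions, and the sample patient is constructed.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # the page states caches delete data older than 30 days


class ContactCache:
    """Volatile store: contact details exist only in this dict, keyed by a random token."""

    def __init__(self):
        self._entries = {}  # token -> (stored_at, contact details)

    def put(self, contact, now):
        token = secrets.token_urlsafe(16)  # random Reference ID, not derived from the data
        self._entries[token] = (now, dict(contact))
        return token

    def get(self, token):
        entry = self._entries.get(token)
        return entry[1] if entry else None

    def purge(self, now):
        """Daily job: drop every entry older than the retention window."""
        expired = [t for t, (ts, _) in self._entries.items() if now - ts > RETENTION]
        for t in expired:
            del self._entries[t]
        return len(expired)


def enroll(patient, cache, key_store, now):
    """Split one patient record into parts that never share a store."""
    guid = str(uuid.uuid4())           # random GUID replaces the name
    key_store[guid] = patient["name"]  # GUID-to-name key, held separately
    token = cache.put({"email": patient["email"]}, now)
    outreach = {"guid": guid, "contact_ref": token, "sent_at": now.isoformat()}
    survey_link = f"https://survey.example/r?id={guid}"  # hypothetical URL
    return outreach, survey_link


def demo():
    cache, key_store = ContactCache(), {}
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    patient = {"name": "Alex Sample", "email": "alex@example.org"}  # constructed sample
    outreach, link = enroll(patient, cache, key_store, t0)
    # Neither the survey link nor the outreach record may contain name or email.
    leaked = any(v in link or v in str(outreach) for v in patient.values())
    before = cache.purge(t0 + timedelta(days=29))  # still inside the window
    after = cache.purge(t0 + timedelta(days=31))   # past the window, entry removed
    return leaked, before, after, cache.get(outreach["contact_ref"])
```

After the purge, the outreach record still holds the GUID and the Reference ID, but the Reference ID no longer resolves to any contact details, which is what makes the retained record non-identifying in this sketch.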

See also For Patients: Your Privacy Is Paramount