What personal health information (PHI) is stored in Ocean?

All personal health information is encrypted prior to storage within Ocean using an encryption password known only to the patient's care providers (not Ocean / OceanMD). This "client-side encryption" goes beyond the protections provided even by the banking industry, since it ensures that even system administrators and third parties cannot view it.

The Ocean kiosks, tablets, questionnaires, secure messages and referrals require the use of personal health information to ensure they can provide a functional and convenient user interface for its users.

Use Cases Requiring Personal Health Information

  • Reviewing contact information on a kiosk or tablet
  • Automatically triggering questionnaires to display based on patient-specific clinical criteria (such as a flu shot that only shows for patients over 18 who have not yet had one)
  • Pre-populating questionnaire and referral forms with lab values and health indicators
  • Storing and uploading questionnaire answers into the electronic medical record
  • Obtaining email consent using a patient's current email address
  • Assisting with the collection of block fee payments
  • Displaying a patient's medication list for medication reconciliation
  • Sending and receiving textual clinical messages and attachments to the patient via a secure email link
  • Sending electronic referrals containing relevant clinical and contact information for patients and their providers

Field List

To successfully provide these use cases for Ocean users, Ocean must temporarily store the following fields in an encrypted format:

  • Electronic medical records ID
  • Source site / clinic
  • Demographics including birthdate, sex / gender, spoken language, associated comments
  • Patient's family doctor, clinic-specific doctor, and primary provider/clinician
  • Patient roster status
  • Clinic block fee payment status
  • Contact information including address, email, phone, emergency contact, email consent status, preferred pharmacy
  • Health number, health number province, health number version code, health number expiry date
  • Cumulative patient profile fields including health problems, past medical history, family health history, social history, allergies, active treatments, immunizations
  • Pertinent lab values: Cr, eGFR, Hb A1C, ACR, FBS, RBS, OGTT, TG, HDL, LDL, Chol:HDL, Ketones, Na, K, CO2
  • Vitals: Latest height, weight, blood pressure
  • Upcoming appointments: date, time, reason, type, location
  • Patient-specific Ocean form/questionnaire queue
  • For Ocean Online Messaging: Secure messages, associated attachments, and patient responses to questionnaires
  • For referrals: referral note, referral source and destination, requested health services, booking information, associated notification emails, associated clinical notes and attachments, associated messages

In accordance with our privacy policy and PHIPA / PIPEDA, even though the information is in an unidentifiable encrypted format, the personal health information is scrubbed from Ocean servers as soon as the associated use case(s) are considered complete.

For more information on OceanMD's commitment to protecting privacy, please refer to: "How does OceanMD adhere to the 10 Privacy Principles of PHIPA?".

Have more questions? Submit a request