Building trust in EMRs in support of improved patient outcomes

Electronic medical records (EMRs) help healthcare workers deliver services safely and efficiently. Electronically recording, storing and accessing patient information reduces the potential for errors and makes it easier to share materials and collaborate.

And EMRs are becoming more common across the country: statistics show EMR use by family doctors, general practitioners and other primary care physicians in Canada increased from 16% in 2004 to 90% in 2021.1,2

Privacy and security are key pillars in the healthcare industry and are even more critical as EMR use increases. But EMR teams, their patients and other stakeholders face a jurisdictional patchwork of privacy and security requirements across Canada which can be difficult to implement without a common framework. Furthermore, most existing requirements insufficiently incorporate emerging technologies such as decentralized identity and blockchain that can strengthen the privacy and security of EMRs.

“The need for privacy in electronic medical records is an absolute must and cannot be overemphasized: it is an essential feature of preserving the privacy of one’s health information, which comprises our most sensitive personal information.”

—Dr. Ann Cavoukian, Executive Director, Global Privacy and Security by Design Centre Inc. and former three-term Information and Privacy Commissioner of Ontario

Filling an EMR privacy and security gap

We saw an opportunity to help EMR users and providers protect patients’ personal health information and collaborated with TELUS to create a standard for privacy and security in EMRs. This common standard provides a trust framework that can help accelerate EMR adoption, which will improve patient safety as well as the continuity, quality and efficiency of care.

The PwC Privacy and Security Standard for EMRs sets out controls that can be implemented when designing and building EMR solutions. This helps EMR users address their particular privacy and security needs and meet regulatory requirements—letting clinicians focus on delivering healthcare services, rather than questioning how to best protect their patients’ medical information.  

Who this report is for:

  • Clinics and healthcare provider networks using EMRs
  • Practitioners and IT teams responsible for EMR solutions
  • EMR solution providers
  • Privacy and information security officers
  • Architects and developers
  • Independent assessment bodies

A framework for building trust in EMRs

Our standard is broken into two sections. The first covers organizational requirements, such as governance, trust and accountability. The second section contains technical requirements across eight domains including consent, limiting use, disclosure and retention, and patient rights management.

Both sections provide guidance to EMR users and providers on meeting privacy and security requirements and include evaluation criteria used by assessors to make sure the requirements are adequately addressed.

This standard helps organizations that use EMRs understand how to: 

Better secure and protect patient privacy through EMRs


Support buy-in and adoption of EMRs in the absence of a Canadawide legislative or proven interoperable solution

Promote and inspire patient and citizen trust in EMRs

This standard doesn’t aim to replace provincial or federal regulations. But we’ve seen through our work, including our previous collaboration with TELUS on a privacy and security standard for virtual care, how trust and transparency is crucial for patients, healthcare professionals and service providers.

Your privacy program can be part of a broader data trust strategy that considers how your organization governs, discovers, protects and minimizes the amount of data it holds. This helps you move beyond compliance and lets you use data with confidence to build trust with patients and sustainably enhance the care they receive. 

This EMR privacy and security standard was developed in collaboration with TELUS, a technology company with a long-standing commitment to protecting privacy. To learn more, visit

1 Chad Leaver, “Use of Electronic Medical Records among Canadian Physicians 2017 Update,” Canada Health Infoway, August 31, 2017,

2 “2021 National Survey of Canadian Physicians,” Canada Health Infoway and Canadian Medical Association, August 11, 2021,

Contact us

​Jordan  Prokopy

​Jordan Prokopy

National Data Trust & Privacy Practice Leader, PwC Canada

Tel: +1 416 869 2384

Kathleen Champagne

Kathleen Champagne

Managing Director, Cybersecurity & Privacy, PwC Canada

Tel: +1 416 815 5108

Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Follow PwC Canada