Sunnybrook Health Sciences Centre

  • The largest single-site hospital in Canada
  • Has a $1 billion annual operating budget
  • Includes a trauma centre
  • Is a teaching hospital of the University of Toronto
  • Achieves $100 million of breakthrough research each year



Find an innovative and comprehensive privacy solution to effectively complement SunnyCare, Sunnybrook’s electronic health record.

In 2012, Sunnybrook management chose to develop their own SunnyCare EHR to overlay all of their existing information systems as a “simple‐to‐use platform.” It was essential to Sunnybrook to incorporate Privacy by Design (PbD) into SunnyCare and comply with privacy legislation. Regional health privacy regulations prohibit a provider organization from using or disclosing personal/protected health information (PHI) about an individual where that individual has expressly prohibited the provider organization from using or disclosing it for a particular purpose.


HIPAAT’s consent and auditing tools support our commitment to privacy assurance and are a great complement to SunnyCare and to our privacy program overall.
Sam Marafioti

Chief Information Officer, Sunnybrook Health Sciences Centre

The integration manages and tracks access to consent-restricted PHI, captures a reason for any consent overrides and generates detailed audit reports for every access to patient records in SunnyCare.
Jeff Curtis

Chief Privacy Officer, Sunnybrook Health Sciences Centre

Computable Privacy Use Case: Large Hospital Center

Video: About SunnyCare

Video: SunnyCare Override

Press Release