Why the need for training?

OntarioMD is committed to training physicians and their staff on relevant topics to facilitate their use of technology in an increasingly digital world. OntarioMD understands different practice types and seeks opportunities to help physician practices realize the benefits of technology to address their needs and goals.  

Physicians are health information custodians (HICs) under the Personal Health Information Protection Act (PHIPA) and need to be kept up-to-date on this privacy legislation and educate themselves and their staff on how to fulfill their obligations to protect Personal Health Information (PHI) on an ongoing basis. OntarioMD has developed privacy and security training and resource expertise to meet this ongoing need and is launching new online privacy and security training, with trackable attestation, to Ontario physicians and other clinicians or their delegates. 

The OntarioMD Privacy and Security Training Module covers topics such as safeguarding PHI from breaches and security incidents, and how to comply with obligations under PHIPA. 

The OntarioMD Privacy and Security Training Module is available at, and can be accessed from any device that connects to the Internet. You will need a user account for the website. If you are already registered for, simply click on Sign In at the top of your screen and log in with your email and password.  Print your completion certificate after you complete the module or log back in to print later.

Click on the button below to be taken directly to the Training Module if you are already logged into the website. If you need help to register for or help to sponsor your staff, please consult the Quick Reference. 


Frequently Asked Questions 

 1. Who can take the online privacy and security training?

The online privacy and security training module is open to all Ontario family physicians, specialists, nurse practitioners, nurses, office managers / Executive Directors, non-IT administrative staff, IT administrative staff, clinic manager, quality improvement / data analysis staff (i.e., QIDSS), dieticians, mental health / social workers, pharmacists and other allied health professionals.  Physicians and Office Managers can also sponsor their staff to complete the training. 

2. Can my staff do the training on my behalf?

No. In order to be able to access certain provincial digital health assets (including EHR Systems), clinicians must each complete the training on their own. To receive Continuing Medical Education (CME) credits for completing the online privacy and security training module and attestations module from the College of Family Physicians of Canada, it is mandatory for physicians to complete the training themselves. Clinician support staff would also benefit from the training and clinicians can designate them as a sponsored user. Each individual user must register for an account with OntarioMD using their own email address in order to access the online training module. Multiple users cannot access the training module using the same email address or account.

3. Why do I need to take privacy and security training module?

Privacy and security training for clinicians is a critical obligation inherent in the accountability that Health Information Custodians have with respect to the appropriate collection, viewing, use, disclosure and safeguarding of PHI. Educating yourself and your staff enables you to comply with regulatory frameworks. Privacy and security training is also recommended to access provincial digital health assets such as the ConnectingOntario Clinical Viewer, HRM, eNotifications, OLIS and any future digital health assets as they become available and may become a mandatory requirement for access in the future. 

4. What does the training cover?

The OntarioMD Privacy and Security Training Module covers:

  • the importance of privacy and security, and your legal and professional obligations
  • PHI and ownership of medical records
  • Ontario's Electronic Health Record ("EHR") systems and your obligations as a user of such systems
  • consent and consent directives 
  • ways to safeguard PHI 
  • developing acceptable use policies
  • system and network controls that must be in place before you access EHR systems
  • how to manage relationships with electronic service providers
  • identifying and appropriately responding to privacy breaches and security incidents

5. How long does the training module take to complete? 

On average, the training should take 45 minutes to complete from start to finish. If you are unable to complete the training in one session, you can log out and log in to resume the training from where you left off.

6. What score do I need to pass the test at the end of the training module to receive the certificate of completion? 

To be issued a certificate of completion for the Privacy Training Module, a minimum score of 80% must be achieved. The test can be taken repeatedly until a passing grade has been achieved. 

7. How often should I take the training?

OntarioMD recommends that all Ontario physicians, nurse practitioners, nurses, office managers / Executive Directors, non-IT administrative staff, IT administrative staff, quality improvement / data analysis staff (i.e., QIDSS), dieticians, mental health / social workers, pharmacists and other allied health professionals take the training at least once a year or whenever you feel you need to be reminded of the concepts and best practices covered in the online privacy and security module. Annual training ensures that you are educated on your obligations under current legislation as well as the most current best practices to protect your practice against privacy breaches and security incidents.

8. Can family physicians claim any Continuing Medical Education credits for completing the training module?

Yes, this Self-Learning program has been certified by the College of Family Physicians of Canada and the Ontario Chapter for up to 2 Mainpro+ credits.

9. Can I claim credit(s) from the Royal College of Physicians and Surgeons of Canada under the Maintenance of Certification Program?

Yes, this module can be claimed for credit(s) under the Royal College Maintenance of Certification (MOC) Program as a Section 2: Personal Learning Project for 2 credits/hour. In order to claim the credit(s), you must record the activity in your MAINPORT ePortfolio and complete at least one learning outcome.


"The OntarioMD Privacy and Security Training Module provides a comprehensive review of Privacy and Security concepts in an easy to access and understand module for physicians, allied professionals and office staff. This module has enabled my office to become compliant with the legal requirements as it relates to PHIPA, enhancing a culture of Privacy in our office. The French module is very well done and appreciated by myself and my French speaking colleagues." - Dr. Therese Hodgson, Family Physician

"I completed the training yesterday and even though I filled out the survey after I was done, I wanted to share with you how much I enjoyed that training. It was very informative and I was able to leave with more knowledge than I entered with. I feel that this training would be most beneficial for every person who works with an EMR." - Gene Vallee, Medical Office Assistant