What is the Lumeo System?

Lumeo is a new Southeastern regional health information system that will connect you and your health care teams for quality care. Lumeo will enable the following organizations to share personal health information about you:

  • Brockville General Hospital
  • Kingston Health Sciences Centre
  • Lennox and Addington County General Hospital
  • Perth and Smiths Falls District Hospital
  • Providence Care
  • Quinte Health

The first step in this regional partnership is the implementation of the Lumeo System and the six organizations listed above will go-live with Lumeo at the beginning of December 2024. This means that healthcare providers at all six organizations will have seamless access to personal health information records while meeting privacy requirements.

Learn more about this partnership here.

Kingston Health Sciences Centre as a Health Information Network Provider for Lumeo

Kingston Health Sciences Centre (KHSC) is the “health information network provider” (HINP) for Lumeo. A HINP is defined by Ontario’s health privacy law (The Personal Health Information Protection Act or PHIPA) as someone “who provides services to two or more health information custodians to use electronic means to disclose personal health information”. The six organizations listed above are “health information custodians” as defined by PHIPA and, as the HINP, KHSC is enabling the sharing of personal health information (PHI) between them using the Lumeo system.

What is my personal health information?

Personal health information includes any identifiable information about your health or health care history. It can include, but is not limited to, things like your medical history, details of visits to your doctor, test results or your health card number.

Kingston Health Sciences Centre as a Health Information Network Provider for the Ontario eHub Health Information Exchange (HIE)

In addition to Lumeo, KHSC is acting as the HINP for the Ontario eHub Health Information Exchange (HIE). The HIE is powered by Oracle Health. The HIE connects the health information systems of Ontario-based healthcare organizations, such as hospitals, and long-term care homes to help improve patient care through better information access. The HIE will help these healthcare organizations share patient (i.e., patients, clients, residents) data more easily and securely, improve care for patients, and reduce the burden on patients to remember information and the burden on these organizations to run tests, for example. KHSC is also working with TransForm Shared Services Organization to manage the HIE.

For a list of the current organizations participating in the HIE, as well as what information they share, click the links below:

Can I limit who sees my personal health information in Lumeo or the HIE?

Yes. You can limit access to your personal health information for healthcare purposes by asking for a lock on your record, also called a “consent directive”. If you want to add a consent directive, contact the Privacy Office where you normally receive care for more information. If you have previously requested a consent directive ("lockbox"), this consent directive will remain in place and has been transitioned to Lumeo and the HIE.

Safeguards to Protect Your Privacy

In KHSC’s role as the HINP for both Lumeo and the HIE, we are responsible for implementing administrative, physical and technical safeguards to protect the privacy and security of PHI in Lumeo. These safeguards include, but are not limited to:

Administrative Safeguards:

  • Establishing appropriate agreements between the Participating Organizations, as well as anyone else who may have access to PHI in Lumeo or the HIE.
  • Making this plain language statement available to both the public and participating organizations so they are aware of the safeguards in place to protect the PHI in Lumeo and the HIE.
  • Identifying individuals who will be responsible for the privacy and security of the PHI in Lumeo and the HIE.
  • Training personnel on privacy awareness and security best practices and having them sign confidentiality agreements when they join the organization and on an annual basis.
  • Privacy and security policies and procedures, as well as breach management protocols and disaster recovery plans are in place and regularly reviewed.
  • Assessing the privacy and security of the information system to help ensure that it protects personal health information, including completing privacy impact assessments (PIAs) and threat risk assessments (TRAs), as required.

Physical Safeguards:

  • Environmental controls to protect against threats such as flooding, fire and power outages.
  • Physical security mechanisms such as video surveillance and card reader access onsite to detect and prevent unauthorized access.
  • Secure disposal of media, equipment and hard drives.

Technical Safeguards:

  • Establishing logging, auditing and monitoring policies and procedures, including the communication of these controls to Health Information Custodians.
  • Role-based user access that defines and limits the information to which personnel have access.
  • Network security measures such as firewalls, anti-malware, and intrusion detection.

For more information about our privacy practices, please contact KHSC’s Privacy Office at 613-549-6666 ext. 2567 or email @email