Under Section 64 of the Health Information Act (HIA), all custodians of patient data are required by law to conduct and submit a privacy impact assessment (PIA) for review by the Office of the Information and Privacy Commissioner (OIPC).
If your clinic is using the Alberta Netcare portal, this shouldn’t be news to you. Before accessing Alberta Netcare’s electronic health records, you would have had to complete an ANP PIA. Meaning your clinic is covered and complying with privacy laws and regulations, right? Not quite.
Since 2006, Alberta Health and the OIPC have agreed to follow an expedited process for custodians to submit PIAs for the Alberta Netcare Portal. Under the expedited PIA process, clinics must submit a formal cover letter, which acknowledges that the ANP PIA does not apply to the use of any other proposed systems within your clinic that collect, use and disclose health information.
In other words, your ANP PIA only covers access to Netcare.
Often more than 300 pages long, full PIAs must look at how your clinic collects, uses, and discloses protected patient information from an administrative, physical, and technology standpoint.
Unlike the Alberta Netcare PIA, the full PIA process looks at all processes and software that touch patient data, identifies risks to the security of that information, and establishes risk management strategies.
Full PIAs are mandatory for healthcare organizations, and they safeguard your clinic against the damaging effects of a privacy breach. Failing to have the proper privacy procedures in place can result in fines of up to $100,000. A full PIA establishes compliant policies and procedures designed to avoid privacy breaches in your practice and keep you, your staff, and your patients safe. If a patient lodges a complaint about your clinic's privacy practices or about a breach, the first thing the Privacy Commissioner will review to learn about those practices is your PIA.
Understand your risk and level of compliance with a comprehensive Privacy Impact Assessment. Our team of privacy compliance experts will work with you to examine every aspect of how patient information is managed in your clinic and develop a complete plan to protect your patients and your practice to the letter of the law.
To learn more about Brightsquid’s Complete Compliance Package, visit https://brightsquid.com/products/pia-bundle.