Cate Campkin, Operations Manager at Dentrix DentalCare in Calgary, has been through the PIA process before - and it taught her a lot. The medical practice she was managing changed electronic records management systems and needed to file a new PIA. Working with a then-government-funded privacy professional, Cate learned firsthand the lengths required to properly complete a PIA that fully protects her clinic. That experience convinced her that a PIA is a critical document that requires the dedicated expertise of a professional.
Submitted Privacy Impact Assessments can be hundreds of pages long. The first step toward creating the document is to study the 72-page Health Information Act (HIA) to learn the regulations. To help those not trained in privacy law, the Government of Alberta released a 340-page “Health Information Act Guidelines and Practices Manual” in 2011.
“I don’t want to miss anything. I want to make sure it’s done right,” Ms. Campkin explained when considering the amount of detail that goes into preparing a PIA for submission to the OIPC. “When we go to get connected to NetCare, or if we ever suffer a breach, I want to know beyond a doubt that our PIA is solid.”
Gathering the information and creating the policies that make up a PIA has taken some clinics over a year. If a clinic is hit by a privacy breach or investigation during that time, it’s not enough to say, ‘we’re working on it’. Only completed and accepted PIAs count in the eyes of the OIPC.
Ms. Campkin said, “If I had to do this by myself, it would take forever.” Dentrix DentalCare is a busy practice where everyone’s time is fully booked. Adding PIA prep to any one role would dramatically slow down the regular functioning of the clinic.
Ms. Campkin believes in the old adage that says, ‘if you think hiring a professional is expensive, wait until you hire an amateur.’ She argues that, “the time it would take to do it on our own, the impact that would have on our ability to do our jobs, and the cost of having to go through the process again if we’re not accepted, isn’t worth the relatively low cost of working with Brightsquid.”
“I was amazed at how little Brightsquid is charging. It’s affordable, and it has to be done,” said Ms. Campkin. “If you compare it to the cost of the fines we all know are coming, there’s no saying no.”
To help you decide which PIA support organization will best meet the ongoing privacy needs of your clinic, refer to this privacy consultant checklist.