Cate Campkin, Operations Manager at Dentrix DentalCare in Calgary, had been through the PIA process before – and it taught her a lot. The medical practice she was managing changed electronic records management systems and needed to file a new PIA. Working with a then government funded privacy professional. That experience convinced her that a PIA is a critical document that requires the dedicated expertise of a professional.
Privacy compliance is in the details:
Submitted Privacy Impact Assessments can be hundreds of pages long. The first step toward creating the document is to study the 72 page Health Information Act (HIA) to learn the regulations.
“When we go to get connected to NetCare, or if we ever suffer a breach, I want to know beyond a doubt that our PIA is solid,” Ms. Campkin explained when considering the amount of detail that goes into preparing a PIA for submission to the OIPC.
Time is of the essence:
It’s not enough to say, ‘we’re working on it’. Only completed and accepted PIAs count in the eyes of the OIPC.
Ms. Campkin said that “If I had to do this by myself, it would take forever.” Adding PIA prep to any one role would dramatically slow down the regular functioning of the clinic.
Weighing the cost:
Ms. Campkin believes in the old adage that says, ‘if you think hiring a professional is expensive, wait until you hire an amateur.’ She argues that, “the time it would take to do it on our own, the impact that would have on our ability to do our jobs, and the cost of having to go through the process again if we’re not accepted, isn’t worth the relatively low cost of working with Brightsquid.”