MEET YOUR PRIVACY COMPLIANCE EXPERTS

COMPLIANCE INCLUDES SECURITY AND ENCRYPTION AS WELL AS THESE CRITICAL CONSIDERATIONS:

Authentication – Everyone who views information must be individually identified.

• Unique login information for each user
• Sharing accounts is forbidden
• Automatic log off to prevent unauthorized access

Auditability – Access must be tracked and stored for future reference.

• Manage access to information, restricting or closing accounts on demand
• Storage of all data for up to 10 years
• Track message forwarding

Chain of Custody – You must be able to prove who came in contact with information.

• Implement technical security measures to guard against unauthorized access
• Traditional email is not auditable for chain of custody

PRIVACY SUPPORT AND CONSULTING SERVICES

There’s more to clinical privacy compliance than communications. In Alberta, privacy regulations mandate that all clinics assess and identify how patient information is collected, used, and disclosed from an administrative, physical and technical perspective. The process is called a Privacy Impact Assessment (PIA).

All custodians of patient information are required to submit a PIA to the OIPC under section 64 of the Health Information Act (HIA).

The Brightsquid privacy team, led by Alberta’s PIA expert Ingrid Ruys, has completed more than 1,000 PIAs and has over 30 years of compliance consulting experience. We can help answer all your questions and complete your PIA or help you file amendments to an existing PIA when things change.