Compliance with privacy regulations is important for every clinic that manages patient data. Using Brightsquid you can maintain compliance while managing day-to-day operations and reducing your clinic's exposure to ransomware.
Brightsquid compliant communication services adhere to over 140 regulatory requirements, so you are better protected against privacy breaches and can demonstrate compliance in the event of an audit. Each year, Security Metrics performs a risk assessment of the Brightsquid platform following National Institute of Standards and Technology (NIST) Special Publication 800-30 to verify continued compliance. All Brightsquid staff complete annual privacy certifications to maintain our level of expertise.
Quick Compliance facts:
Encryption does not equal compliance, nor does security. You can have encryption and security controls in place without being compliant with the law. However, you cannot be compliant without security and encryption: they are necessary, but not sufficient on their own.
Compliance with privacy regulations is good business practice. Regulatory requirements and guidelines are designed to keep patient data safe. Clinics that comply with privacy laws are better protected against incidents such as ransomware attacks, which can expose patient data and shut down a clinic for days, weeks, or, worse, permanently.
Compliance includes security and encryption as well as these critical considerations:
Authentication – Everyone who views information must be individually identified.
• Unique login credentials for each user
• Sharing accounts is forbidden, since a shared account cannot be tied to one person
• Automatic log-off (session timeout) to prevent unauthorized access from an unattended workstation
Auditability – Access must be tracked and the records stored for future reference.
• Manage access to information, restricting or closing accounts on demand
• Storage of all data and access records for up to 10 years
• Track message forwarding, so every onward disclosure is recorded
Chain of Custody – You must be able to prove who came in contact with information, and when.
• Implement technical security measures to guard against unauthorized access
• Traditional email is not auditable for chain of custody: once a message leaves your mail server, there is no record of who opened, copied, or forwarded it
There’s more to clinical privacy compliance than communications. In Alberta, privacy regulations mandate that all clinics assess and identify how patient information is collected, used, and disclosed, and review the administrative, physical, and technical safeguards that protect it. The process is called a Privacy Impact Assessment (PIA).
All custodians of patient information are required to submit a PIA to the Office of the Information and Privacy Commissioner (OIPC) under section 64 of the Health Information Act (HIA) before implementing a new administrative practice or information system, or changing an existing one, that involves health information.
The Brightsquid privacy team, led by Alberta PIA expert Ingrid Ruys, has completed more than 1,000 PIAs and has over 30 years of compliance consulting experience. We can help answer your questions, complete your PIA, or help you file amendments to an existing PIA when your practices or systems change.