Compliance with privacy regulations is important for every clinic that manages patient data. The challenge we help you solve is maintaining compliance while managing day-to-day operations.
Brightsquid compliant communication services adhere to over 140 regulatory requirements so that users are protected against privacy breaches and can prove compliance in the event of an audit. Each year, Security Metrics performs a National Institute of Standards and Technology (NIST) 800-30 Risk Assessment on the Brightsquid platform to ensure continued compliance. All Brightsquid staff complete annual privacy certifications to maintain our high level of expertise.
Encryption does not equal compliance, nor does security. You can have both without being compliant with the law. However, you can’t be compliant without security and encryption.
Authentication – Everyone who views information must be individually identified.
Auditability – Access must be tracked and stored for future reference.
Chain of Custody – You must be able to prove who came in contact with information.
There’s more to clinical privacy compliance than communications. In Alberta, privacy regulations mandate that all clinics assess and identify how patient information is collected, used, and disclosed from an administrative, physical and technical perspective. The process is called a Privacy Impact Assessment (PIA).
All custodians of patient information are required to submit a PIA to the OIPC under section 64 of the Health Information Act (HIA).
The Brightsquid privacy team, led by Alberta’s PIA expert Ingrid Ruys, has completed more than 1,000 PIAs and has over 30 years of compliance consulting experience. We can help answer all your questions and complete your PIA or help you file amendments to an existing PIA when things change.