“If only I had someone to ask!”
Each month, we discuss your questions about practice management, human resources issues, clinic management best practices, procedures, resources, practical privacy tips, and more in Practice Management Success membership.
In this Q&A, we're talking about: Does a Dentist Need a PIA?
If you are a member of Practice Management Success, login and join me now on the webinar. The replay will be available in your membership area.
I’ve had a dental practice for 10 years. Do I need a PIA?
In Alberta, the Health Information Act (HIA) was proclaimed in 2001.
Dentists and dental hygienists were named as a designated health professional under the HIA in March 2011.
A custodian as defined by the HIA is defined
1) as a member of a Regulated Health Profession
2) the Health Profession is named in the HIA as a custodian
3) the individual is acting as a custodian
There is a ‘grandfathering’ period when custodians who were already in practice at the time are not required to submit a privacy impact assessment (PIA). The dental practice, of course, must meet all of their dental college requirements including appropriate privacy and security policies, procedures, and reasonable safeguards to protect the privacy, confidentiality, and security of personal health information.
If (when) you have had any changes to your practice, you need to complete a PIA. For example, since 2011, have you had any changes to:
- administrative practice, for example, changes to billing practices, third party contractors, moving to a new location, etc.
- information system, for example, computer network changes, remote backup, or practice management or EMR software
- practices relating to the collection, use, disclosure of personal (health) information
- new or changes to your current information flow (for example new projects, stakeholders, Netcare)
- legislation (i.e. research)
- any new risks to the privacy of health information
- custodians, for example custodians (including dentists and dental hygienists) leaving or joining your practice
The PIA is a process that assists custodians to review the impact that an implementation of a new administrative practice, information system, or change to existing practices or systems relating to the collection, use and disclosure of individually identifying health information, may have on individual privacy.
A PIA describes the information flows in the project, identifies the legal authorities that allow for the flow of information, assesses potential impacts on and risks to privacy and identifies mitigation strategies to minimize the risks.
The process is designed to ensure that the custodian evaluates the new practice or proposed change to ensure technical compliance with the HIA as well as assessing the broader privacy implications for individuals.
Often, the Privacy Officer of the dental practice completes the Privacy Impact Assessment. However, the custodian or CEO is responsible for the Privacy Impact Assessment.
Privacy principles and legal authority determine compliance obligations.
If you don't have a PIA already for your dental practice, and you were in practice prior to 2011, you probably will need a PIA soon. If you opened your practice after 2011, or are just planning your practice now, you need a PIA.
For more information about PIA's, pop over to our resource page here: