Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

New Mandatory Privacy Breach Notification Form

mandatory privacy breach notification

Sharing is caring!

1 shares
  • Share
  • Tweet
  • LinkedIn
  • Email

AS of August 31, 2018, the new Alberta regulations regarding mandatory privacy breach notification requirements are in force.

The Alberta Minister of Health (MOH) and the Office of the Information and Privacy Commissioner (OIPC) have published the mandatory notification forms for you to submit your privacy breach notifications.

You can download the forms here:

Notification to Alberta’s Minister of Health: http://www.health.alberta.ca/about/Health-Information-Act.html

Notification to the OIPC: https://www.oipc.ab.ca/forms.aspx

You Will Be FINED $50,000 if You Don't Do This!

If you don’t have an active privacy breach management program and are not compliant with mandatory privacy breach notification, you may be fined up to $50,000.

I recommend that you also use an internal privacy breach reporting form to document your investigation and reporting. The form will help you to navigate the privacy breach management process and record information for your internal use. You can then copy and paste the necessary information to the mandatory notification forms.

If you are a member of Practice Management Success, login and access the Procedure Privacy Breach Management Template including the Privacy Breach Report Form.

Not a member of Practice Management Success, yet?

What are you waiting for?

Get Your Practice Management Success membership

If you are a member of the 4 Step Response Plan, login and access my video and review of how to use the MOH and the OIPC forms.

What You Should Do Now

  1. Update your current privacy breach reporting policies and procedures with the new requirements for mandatory privacy breach notification.
  2. Include copies of these new forms in your procedures so that you can easily access them when needed.
  3. Ensure that your custodians are aware of the new mandatory privacy beach notification regulations. You can share the e-book, Understanding Privacy Breach Notification, to assist you.

Additional Resources

Alberta Health has also added a new chapter, Duty to Notify, to their HIA Guidelines Manual. You can download this chapter here. This provides additional examples of privacy breaches and appropriate responses including comments from OIPC investigations.

 When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS
Alberta, Canada, health care, healthcare, mandatory breach notification, mandatory privacy breach notification, medical, Practice Management Success

Privacy Policy

Copyright 2022 Information Managers Ltd.

1 shares
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}