Congratulations! You are expanding to a new location!
Do you have a PIA for that?
When a physician or another healthcare provider opens another location and both locations are remarkably similar – same employer, same ownership, same EMR and backup practices, etc. – then you may need to only update or amend your original Privacy Impact Assessment.
My recommendation is to review the ‘Clinic Description’ of the initial Privacy Impact Assessment and edit and update all changes.
This will help you to determine if they need a new Privacy Impact Assessment for the new location. If you have a lot of updates – you might need to prepare a Privacy Impact Assessment Amendment and include the information about your new location.
If there are no significant changes, then it may be sufficient to update the clinic description for both clinics, add the additional description of the new clinic and send a Privacy Impact Assessment Amendment to the OIPC. This can often be a letter with an attachment of the updated clinic description.
Most clinics have had, at least, a change in staffing, physicians, and privacy officers.
Has the legislation changed?
Don't forget to consider when the original Privacy Impact Assessment was completed. If it was prior to 2014 then you will need to update your policies and procedures including the amendments to Alberta's Health Information Act and Alberta Electronic Health Records Regulations.
For more information about PIA's see our introductory video.