Privacy Impact Assessment

Done For You, Done With You, or Do It Yourself options available for your privacy impact assessment consutation!

What Is A Privacy Impact Assessment?

privacy impact assessment

A privacy impact assessment (PIA) is a process to assess the impact of new or change to existing administrative practice, information system or practices relating to the collection, use, disclosure of personal (health) information.

The PIA documents the reasonable safeguards that you will take to protect the privacy, confidentiality, and security of health information.

When Do You Need A PIA?

If your healthcare practice collects personal health information, you need to conduct a PIA.

The Health Information Act requires health providers to complete a Privacy Impact Assessment when you:

  • open a new clinic
  • establish a new health services program
  • change how you collect and use personal information
  • implement Electronic Medical Records (EMR), or transition to a new EMR provider
  • share information with a Primary Care Network or other health program
  • access health information from Alberta Netcare or other data repositories (expedited Netcare PIA)

Information Managers’ Privacy Impact Assessment (PIA) consultation helps you document your practices, meet practice management best practices, and ensure compliance with regulatory legislation.

The PIA consultation includes reviewing your current practices, documenting current or new privacy and security policies and procedures, information flow, legal authority analysis, risk assessment, and Privacy Impact Analysis.

Timelines for Delivery of Privacy Impact Assessment

Depending on the size and scope of the PIA project, the turnaround of a typical Privacy Impact Assessment is two to three weeks (not including review cycles by the custodian / clinic manager) after key decisions and agreements have been made by the client including EMR vendor, computer network vendor, etc.

3 Options For You!

Cost of a Privacy Impact Assessment

Information Managers offers three options to assist you with your Privacy Impact Assessment submission.

DFY - Done For You

Billed hourly, the cost of a ‘typical’ EMR and organization management for a new medical practice Privacy Impact Assessment consultation including Health Information Management Privacy and Security Policies and Procedures is 16 to 20 hours or $2,480 to $3,100. The custodian approves the cost estimate prior to starting the consultation.

Ideal for new clinics.

Click Here To See What Is Included:

Health Information Privacy and Security Policies and Procedures Manual (information handling related to HIA requirements for the collection, use, retention, and disclosure of health information).

Resources and forms for your patients and employee including collection notice posters, oaths of confidentiality, privacy and security checklists, release of information best practices, privacy breach management and more!

Privacy Impact Assessment for your new practice and Alberta Netcare Portal expedited PIA.

You will receive all the documents in both one paper hardcopy and editable MS Word document.

Up to 5 subscriptions to the on-line Privacy Awareness In Healthcare Essentials training.

Up to 5 subscriptions to the on-line Cybersecurity Awareness training.

Information Sharing Agreement (ISA) template (when applicable) for your multi-practitioner practice.

Information Management Agreement (IMA) templates with your vendors, if needed.

DWY - Done With You

You purchase the DIY courses, share your work in progress with me and I will help you complete the final stages of the Privacy Impact Assessment. Billed hourly.

This option is ideal for new clinics on a budget and with a long lead time before opening who want a hands-on understanding of policies, procedures, and the HIA.

Also good for established clinics with a previously accepted Privacy Impact Assessment who now need to update their Privacy Impact Assessment and need a little help from a mentor to help them plan and complete their Privacy Impact Assessment.

DIY - Do It Yourself

Purchase the “Health Information Management Privacy and Security Policies and Procedures templates” for $475.

Purchase the “Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course” for $450 includes mentoring on-line and monthly Q&A

Ideal for established clinics with a previously accepted Privacy Impact Assessment who now need to update their Privacy Impact Assessment. Requires a clinic manager, custodian, or delegate with good knowledge of clinic operations and good MS Word skills.

Also available – Privacy Impact Assessment Templates for Virtual Care and Remote Working on-line course and templates for $75 including mentoring. Appropriate for clinics who have a previously accepted Privacy Impact Assessment.

Book a Consultation

Privacy Impact Assessment Process

A PIA consulting process usually includes the following steps:

  • Initial 30-minute complimentary consultation.
  • Client completes self-assessment and clinic description and returns to Information Managers.
  • Written cost and time estimate is approved by the custodian and returned to Information Managers.
  • Discussion with computer network vendor, EMR vendor, other key stakeholders as required.
  • Comprehensive clinic description is prepared and provided for review and editing by the custodian and clinic manager and is returned to Information Managers.
  • Preparation of the Health Information Management Privacy and Security Policies and Procedures manual and PIA submission documents. Additional email and phone inquiries as needed to confirm details.
  • Multiple sequential email instructions provided with step by step instructions and recommendations for implementation and submitting PIA documents to the OIPC. Documents are provided as email attachments and secure file share transfer.
  • Binder with printed PIA documents, Health Information Management Privacy and Security Policies and Procedures, and resources are provided to the custodian in person or by courier.
  • Custodian is invoiced for the PIA consultation services. Payment by cheque, e-transfer, or credit card online within 15 days.
  • Follow-up consultation in-person or remotely by phone or Zoom to review step-by-step email instructions and next steps.
  • The custodian / clinic manager is encouraged to invite Information Managers to assist them in responding to questions from the OIPC as necessary (included in the consultation unless otherwise stipulated).
Privacy Impact Assessment Consultation

Includes Training To Help You Get The Most From the Consultation

On-demand – Policy and Procedure Orientation – 8 short training videos for your employees that highlights each key section of the Health Information Privacy and Security Policies and Procedures Manual. The total time for all videos is 58 minutes. Use this to provide orientation to your current and new employees and providers. Included in Privacy Impact Assessment consultation.

Practice Management Success membership – on-line resources, on-demand privacy breach awareness workshop, with practice management mentoring and monthly Q&A coaching with Jean. 3 months membership included in Privacy Impact Assessment consultation with option to continue $10/month.

In-person or live Zoom meetings. Privacy Awareness, Privacy Breach Awareness training available upon request. Individual pricing.

Privacy Awareness in Healthcare: Essentials – on-line training course provided by Corridor Interactive. 5 licenses for this on-line training course included with purchase of Done For You (DFY) PIA Consultation.

Frequently Asked Questions

Do you provide follow-up post PIA submission and if so, in what capacity and what cost?

Yes – email / phone / zoom / in-person (when available) coaching for follow-up questions from the OIPC, in-clinic transitions, implementation mentoring are generally included in the consultation service. Limited revisions included.

Does the Breach Management Policy include a Risk of Harm checklist and breach reporting form?


What resources do you leave for the clinic?

All documents are delivered in a hard copy binder, editable MS Word documents, pdf format, and in digital documents download. Includes

  • Privacy Impact Assessment
  • Complete Health Information Management Privacy and Security Policies and Procedures (including updated privacy beach reporting checklists and forms) in hard copy binder, editable MS Word documents, pdf format, and in digital documents download
  • Patient forms, Employee forms, Information Manager Agreement and Information Sharing Agreements, Successor Custodian Agreements, Confidentiality Agreements
  • Follow-up emails and implementation coaching phone calls
  • Access to on-line orientation and training to the policies and procedures that you can share with your office

How many PIAs have you worked on that have been accepted?

Hundreds in Alberta.

Are PIAs customized for the clinic (e.g. use of local server, third-party appointment reminder software, Microsoft 365, etc.)?


What medical disciplines do you provide PIA consultation for?

Medical, dental, chiropractic, nurse practitioner, dental hygienist, EMR vendor, Billing Agent Vendor, Transcription Vendor, Application Vendor, health region, etc.

Your Clinic Success Starts Here

Privacy Impact Assessment options available for the unique needs of your healthcare practice.

Contact Us using the button below.

“It is a rare privilege to work with an authentic expert who fulfills their role of consultant and coach with curiosity and respect for the specific nature of their client’s unique enterprise.  Jean Eaton was always prepared, sat every meeting on time, listened to an endless barrage of questions and answered every one with patience, grace, and wise counsel. The end product Information Managers Ltd provided ECHO Health was exceptional; their ongoing support will be a large measure of our success going forward.  I highly recommend their Privacy Impact Assessment services.”

Dr. Gregg Trueman-Klein, NP (Adult), CHPCN(c), DCA

ECHO Health

“I’m so glad we chose Jean to guide us through this process. Her instructions were very clear and the whole process was worry-free. I would definitely recommend Jean to anyone that is asking how to create or amend their clinic Privacy Impact Assessment.”


Clinic Manager

“I had the pleasure of working alongside Jean to develop a PIA for my Dental Office. I could not have completed this document without her. She was there to help me every step of the way. Her online course made it easy to communicate with her as well as having so many resources to use that were so helpful. Each Module had videos to watch that explained step by step what needed to be done. The PIA document is a lot of information to put together and if it’s not enough information on its own, you also need to develop a policy and procedures manual. Jean has developed an amazing resource for this manual that was very user friendly and made a 300 page manual a lot more attainable than creating it on your own. I highly recommend taking Jean’s PIA course and having her help throughout the process!”

Lindsay Cave

Office Manager, Orion Dental Group

“When Jean told us about the Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments E-course and explained how the course will help us better understand the Health Information Act, our responsibilities as healthcare providers and our relationship with our vendors and partners, I signed up right away! Thanks again – it is no doubt that we have hitched our wagon to a shining star.”

Bill Stowe

Business Manager, Synergy Respiratory & Cardiac Care

“This was my first ever time I had to work on a PIA and I was a little nervous about doing it efficiently – but you really made it as simple and straight forward as possible. Thank you for being available for my questions when I had them. I would easily recommend Privacy Impact Assessments to Protect Your Practice course for anyone to do their own PIA’s! Thank you so much!”

Karen Sarabura

Clinic Manager and Privacy Officer, CGA Medical Imaging

“I attended the Privacy Impact Assessment Walk-through workshop (for ARMA members). Jean shared resources and on-going networking opportunities. The biggest benefit to me is to know that there is help out there in moving forward with our Privacy Impact Assessment responsibilities.”

Ellen Sauvé

Parkland County

Your Clinic Success Is Our Mission

The right PIA solution for your clinic.

About Jean L. Eaton

Jean Eaton

Jean Eaton, BA Admin (Healthcare), CHIM, CC is the Practical Privacy Coach and Practice Management Mentor of Information Managers Ltd.

Jean is constructively obsessive about privacy, confidentiality, and security in healthcare.

She is an experienced leader in health information management. She has worked with multi-disciplinary health care service professionals in primary, acute, and tertiary care facilities across Canada.

Jean has successfully assisted primary care physicians, chiropractors, dentists, pharmacists, primary care networks, and other health care providers across Canada to develop privacy impact assessments (PIA) and office policies and procedures and training regarding the collection, use, and disclosure of health information.