Privacy Impact Assessment
Done For You, Done With You, or Do It Yourself options available!
What Is A Privacy Impact Assessment?
A privacy impact assessment (PIA) is a process to assess the impact of new or change to existing administrative practice, information system or practices relating to the collection, use, disclosure of personal (health) information.
The PIA documents the reasonable safeguards that you will take to protect the privacy, confidentiality, and security of health information.
When Do You Need A PIA?
If your healthcare practice collects personal health information, you need to conduct a PIA.
The Health Information Act requires health providers to complete a Privacy Impact Assessment when you:
- open a new clinic
- establish a new health services program
- change how you collect and use personal information
- implement Electronic Medical Records (EMR), or transition to a new EMR provider
- share information with a Primary Care Network or other health program
- access health information from Alberta Netcare or other data repositories (expedited Netcare PIA)
Information Managers' Privacy Impact Assessment (PIA) consultation helps you document your practices, meet practice management best practices, and ensure compliance with regulatory legislation.
The PIA consultation includes reviewing your current practices, documenting current or new privacy and security policies and procedures, information flow, legal authority analysis, risk assessment, and Privacy Impact Analysis.
Timelines for Delivery of Privacy Impact Assessment
Depending on the size and scope of the PIA project, the turnaround of a typical Privacy Impact Assessment is two to three weeks (not including review cycles by the custodian / clinic manager) after key decisions and agreements have been made by the client including EMR vendor, computer network vendor, etc.
3 Options For You!
Cost of a Privacy Impact Assessment
Information Managers offers three options to assist you with your Privacy Impact Assessment submission.
DFY - Done For You
Billed hourly, the cost of a ‘typical’ EMR and organization management for a new medical practice Privacy Impact Assessment consultation including Health Information Management Privacy and Security Policies and Procedures is 16 to 20 hours or $2,320 to $2,900. The custodian approves the cost estimate prior to starting the consultation.
Ideal for new clinics.
DWY - Done With You
You purchase the DIY courses, share your work in progress with me and I will help you complete the final stages of the Privacy Impact Assessment. Billed hourly.
This option is ideal for new clinics on a budget and with a long lead time before opening who want a hands-on understanding of policies, procedures, and the HIA.
Also good for established clinics with a previously accepted Privacy Impact Assessment who now need to update their Privacy Impact Assessment and need a little help from a mentor to help them plan and complete their Privacy Impact Assessment.
DIY - Do It Yourself
Purchase the “Health Information Management Privacy and Security Policies and Procedures templates” for $475.
Purchase the “Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course” for $450 includes mentoring on-line and monthly Q&A
Ideal for established clinics with a previously accepted Privacy Impact Assessment who now need to update their Privacy Impact Assessment. Requires a clinic manager, custodian, or delegate with good knowledge of clinic operations and good MS Word skills.
Also available – Privacy Impact Assessment Templates for Virtual Care and Remote Working on-line course and templates for $75 including mentoring. Appropriate for clinics who have a previously accepted Privacy Impact Assessment.
Book a Consultation
Privacy Impact Assessment Process
A PIA consulting process usually includes the following steps:
- Initial 30-minute complimentary consultation.
- Client completes self-assessment and clinic description and returns to Information Managers.
- Written cost and time estimate is approved by the custodian and returned to Information Managers.
- Discussion with computer network vendor, EMR vendor, other key stakeholders as required.
- Comprehensive clinic description is prepared and provided for review and editing by the custodian and clinic manager and is returned to Information Managers.
- Preparation of the Health Information Management Privacy and Security Policies and Procedures manual and PIA submission documents. Additional email and phone inquiries as needed to confirm details.
- Multiple sequential email instructions provided with step by step instructions and recommendations for implementation and submitting PIA documents to the OIPC. Documents are provided as email attachments and secure file share transfer.
- Binder with printed PIA documents, Health Information Management Privacy and Security Policies and Procedures, and resources are provided to the custodian in person or by courier.
- Custodian is invoiced for the PIA consultation services. Payment by cheque, e-transfer, or credit card online within 15 days.
- Follow-up consultation in-person or remotely by phone or Zoom to review step-by-step email instructions and next steps.
- The custodian / clinic manager is encouraged to invite Information Managers to assist them in responding to questions from the OIPC as necessary (included in the consultation unless otherwise stipulated).
Includes Training To Help You Get The Most From the Consultation
On-demand – Policy and Procedure Orientation – 8 short training videos for your employees that highlights each key section of the Health Information Privacy and Security Policies and Procedures Manual. The total time for all videos is 58 minutes. Use this to provide orientation to your current and new employees and providers. Included in Privacy Impact Assessment consultation.
Practice Management Success membership – on-line resources, on-demand privacy breach awareness workshop, with practice management mentoring and monthly Q&A coaching with Jean. 3 months membership included in Privacy Impact Assessment consultation with option to continue $10/month.
In-person or live Zoom meetings. Privacy Awareness, Privacy Breach Awareness training available upon request. Individual pricing.
Privacy Awareness in Healthcare: Essentials – on-line training course provided by Corridor Interactive. 5 licenses for this on-line training course included with purchase of Done For You (DFY) PIA Consultation.
Self-paced online courses:
Additional on-line training and workshops available. For more information see www.InformationManagers.ca
Frequently Asked Questions
Do you provide follow-up post PIA submission and if so, in what capacity and what cost?
Yes – email / phone / zoom / in-person (when available) coaching for follow-up questions from the OIPC, in-clinic transitions, implementation mentoring are generally included in the consultation service. Limited revisions included.
Does the Breach Management Policy include a Risk of Harm checklist and breach reporting form?
What resources do you leave for the clinic?
All documents are delivered in a hard copy binder, editable MS Word documents, pdf format, and in digital documents download. Includes
- Privacy Impact Assessment
- Complete Health Information Management Privacy and Security Policies and Procedures (including updated privacy beach reporting checklists and forms) in hard copy binder, editable MS Word documents, pdf format, and in digital documents download
- Patient forms, Employee forms, Information Manager Agreement and Information Sharing Agreements, Successor Custodian Agreements, Confidentiality Agreements
- Follow-up emails and implementation coaching phone calls
- Access to on-line orientation and training to the policies and procedures that you can share with your office
How many PIAs have you worked on that have been accepted?
Hundreds in Alberta.
Are PIAs customized for the clinic (e.g. use of local server, third-party appointment reminder software, Microsoft 365, etc.)?
What medical disciplines do you provide PIA consultation for?
Medical, dental, chiropractic, nurse practitioner, dental hygienist, EMR vendor, Billing Agent Vendor, Transcription Vendor, Application Vendor, health region, etc.
Your Clinic Success Starts Here
Privacy Impact Assessment options available for the unique needs of your healthcare practice.
Contact Us using the button below.