What Is An Expedited Netcare Privacy Impact Assessment (PIA)?
A privacy impact assessment is a requirement of the Health Information Act (HIA) in Alberta. Alberta Netcare Portal (ANP) is a data repository of health information of Alberta residents. Many healthcare providers request access to the ANP to quickly access lab test results, text reports, and health insurance information to assist them to provide continuing care and treatment to their patients.
We know that privacy and security of health information is critical to the continued accuracy and completeness of health information for all patients. Alberta Health is the custodian of the ANP data repository. To ensure that everyone with access to the ANP also has accepted reasonable standards to protect the privacy, confidentiality, and security of health information, Alberta Health requires each healthcare provider to demonstrate that they have met these reasonable standards before being granted access to the ANP.
Community based healthcare providers who work in independent practices are also known as ‘custodians' as defined in the HIA. The custodians must submit a PIA to the Office of the Information and Privacy Commissioner (OIPC) for their review and acceptance. This PIA demonstrates the custodians' commitment to protect the privacy, confidentiality, and security of health information. Alberta Health and the OIPC have agreed to a streamlined process for healthcare providers and custodians to prepare, submit, and accept the ANP PIA so that healthcare providers can request access to the ANP.
We also know that technology and business practices change over time. It is a good business practice to review your PIA annually and update your risk assessment and mitigation strategies as needed. Updating your Health Information Privacy and Security Policies and Procedures and your PIA and submitting these to the OIPC is recommended best practice and a pre-requisite for continued access to the ANP.
Is It Time To Amend Your Privacy Impact Assessment?
Maybe you want to:
- add a new digital health app or patient portal to make it easier for patients to book appointments with you, or
- get access to Alberta Netcare Portal, or the CII or CPAR projects,
- expedited Netcare Privacy Impact Assessment,
- use the internet to get telehealth on-line consultations for your patients,
- update your participating custodians and privacy officer, and
- regular review to ensure that you are continuing to meet the requirements of the Health Information Act (HIA).
A PIA is a practical business tool in your healthcare practice.
A PIA is an important tool that you can use to help you with project management.
It will help you anticipate risks to the project before it starts and avoid serious problems, and wasted time and money.
The PIA process requires you to have written policies and procedures so that you can implement the project effectively and train your staff consistently.
Sometimes a PIA is a requirement of legislation. But it is always a best practice whenever you implement a project that includes personal health information.
I'd Like To Help You!
I’d like to help you with your Privacy Impact Assessment amendment. Click the button below for the next complimentary workshop!
If you are starting your new practice and need your first Privacy Impact Assessment, see our available consultation options here.
About Jean L. Eaton
Jean Eaton, BA Admin (Healthcare), CHIM, CC is the Practical Privacy Coach and Practice Management Mentor of Information Managers Ltd.
Jean is constructively obsessive about privacy, confidentiality, and security in healthcare.
She is an experienced leader in health information management. She has worked with multi-disciplinary health care service professionals in primary, acute, and tertiary care facilities across Canada.
Jean has successfully assisted primary care physicians, chiropractics, dentists, pharmacists, primary care networks, and other health care providers across Canada to develop privacy impact assessments (PIA) and office policies and procedures and training regarding the collection, use, and disclosure of health information.
You May Also Be Interested In:
Read the article and watch the short video now to take a look at what is a PIA, what will a PIA do for you, when you need a PIA, and what is the PIA process.
You can also listen to the Practice Management Nuggets podcast episode here.
Ideally, you should start the Privacy Impact Assessment process 3- 6 months prior to your go-live date. Find out more by reading the article.