AS of August 31, 2018, the new Alberta regulations regarding mandatory privacy breach notification requirements are in force.
The Alberta Minister of Health (MOH) and the Office of the Information and Privacy Commissioner (OIPC) have published the mandatory notification forms for you to submit your privacy breach notifications.
You can download the forms here:
Notification to Alberta’s Minister of Health: http://www.health.alberta.ca/about/Health-Information-Act.html
Notification to the OIPC: https://www.oipc.ab.ca/forms.aspx
You Will Be FINED $50,000 if You Don't Do This!
If you don’t have an active privacy breach management program and are not compliant with mandatory privacy breach notification, you may be fined up to $50,000.
I recommend that you also use an internal privacy breach reporting form to document your investigation and reporting. The form will help you to navigate the privacy breach management process and record information for your internal use. You can then copy and paste the necessary information to the mandatory notification forms.
If you are a member of Practice Management Success, login and access the Procedure Privacy Breach Management Template including the Privacy Breach Report Form.
Not a member of Practice Management Success, yet?
What are you waiting for?
If you are a member of the 4 Step Response Plan, login and access my video and review of how to use the MOH and the OIPC forms.
What You Should Do Now
- Update your current privacy breach reporting policies and procedures with the new requirements for mandatory privacy breach notification.
- Include copies of these new forms in your procedures so that you can easily access them when needed.
- Ensure that your custodians are aware of the new mandatory privacy beach notification regulations. You can share the e-book, Understanding Privacy Breach Notification, to assist you.
Alberta Health has also added a new chapter, Duty to Notify, to their HIA Guidelines Manual. You can download this chapter here. This provides additional examples of privacy breaches and appropriate responses including comments from OIPC investigations.