When Do You Need a PIA Amendment?

When Do You Need a PIA Amendment?

A Privacy Impact Assessment Is Good For Business

A privacy impact assessment (PIA) is part of a regular business process if you collect, use, or disclose personal health information in your healthcare practice. When you have a previous PIA that has been prepared, submitted to the Office of the Information and Privacy Commissioner (OIPC) and it has been accepted for use–well, that is not the end of your PIA journey.

You need to ensure that you are updating and amending your PIA as your practice matures and as you make administrative and technical changes to the procedures in your practice.

You need a PIA Amendment when you have a previously accepted PIA and any one of these common triggers below.

You Have a PIA That Was Written More Than 2 Years Ago

It is time to review and update this!

Under Section 8(3) of Alberta’s Health Information Regulation, custodians must periodically review the safeguards they have in place to protect health information privacy. This means that custodians need to regularly review the privacy risk mitigation plans set out in PIAs to ensure they continue to protect against reasonably foreseeable risks to the privacy of health information. The submission of your PIA to the Office of the Information and Privacy Commissioner (OIPC) is mandatory and must precede implementation of your new system or practice.

Change in Health Information Act (HIA) Legislation and Regulations

The HIA has undergone significant amendments in 2006, 2010, most recently in August 2018. Make sure that you have updated your privacy breach management program and include mandatory privacy breach notification to the (OIPC) and the Minister of Health (MOH). Again, ensure that your team training has been updated so that they know how to spot, stop, and report a privacy breach. (See Mandatory Privacy Breach Notification)

Changes In Your Electronic Medical Record or Computer Network

You have the same EMR database, but maybe the configuration has changed. For example, a change from a local to an application service provider (ASP) or cloud-based data centre or Software as a Service (SAS) model would trigger a PIA amendment.

Another trigger is a change in your computer network vendor or changes in wireless networking, remote access, or implementing mobile devices.

PIA amendment EMR computer network

Change in Participating Physicians / Privacy Officer

Since your original PIA, you may have new custodians, including physicians, registered nurses, chiropractors, and other health professionals named in the HIA that have joined or left your practice. Your Privacy Officer may have changed, too. Your amendment should include an up-to-date listing of custodians and privacy officers.

New Users / Information Sharing

There have been many recent information sharing initiatives in healthcare. You might now plan to participate in evaluation projects, patient panel management, or other community initiatives. Make sure that you have your PIA amendment and information manager agreements completed, too. (See – The Top 3 Agreements Your Healthcare Practice MUST Have (and Why).

A quick word of caution: if your new information sharing project includes data matching–the creation of new information by combining two or more sets of data—requires custodians to prepare a privacy impact assessment before performing data matching involving health information (HIA sections 70, 71). The custodian that carries out the data matching is responsible for preparing the Privacy Impact Assessment.

PIA amendment new users

Communicating With Patients

If you are adding new technology to keep in touch with patients for appointment reminders, on-line appointment booking, secure email or patient portals, these will trigger a PIA amendment or, perhaps, a project specific PIA. Make sure that your policies and procedures are up to date, too. (See – Can You Use Text Message With Your Patients? )

PIA Amendment Communicating with patients

Alberta Netcare Portal (ANP) / Community Integration Initiative (CII) / CPAR

ANP updated their PIA in 2016 and, therefore, you need to make sure that your corresponding policies and procedures and training have been updated, too. Remember – when you agreed to participate in ANP, you promised that you would review your threat risk analysis (TRA) and update your Provincial Organization Readiness Assessment (p-ORA) when changes occur and at least every two years.

Prior to applying for the Alberta  CII / CPAR Grant, your practice must have a privacy impact assessment that reflects the current clinic environment.

Maturing Practice

You have learned and grown since your original Privacy Impact Assessment submission. Have you implemented everything that you said that you would? Can you demonstrate that your teams have received privacy and security awareness training? Have you reviewed your Health Information Management Privacy and Security policies and procedures in the last two years?

Keeping up to date without any other significant changes to your practice may not trigger a Privacy Impact Assessment amendment. Make sure that you document your careful review so that you are prepared for your next Privacy Impact Assessment submission.

Important Business Decisions

Creating and reviewing your PIA regularly can help you to spot errors or gaps between the way that you do the work in the clinic and the way that you said that you were going to implement in your clinic.

The questions that we ask during the PIA process are important. The time that you take now to identify the potential risks and prevent those incidents from happening may save you time, money, reputation and even jail time in the future.

 

3 Options to Help you Create your Privacy Impact Assessment

DIY – Do It Yourself – The Privacy Impact Assessment course, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course, Includes PIA templates, training sessions live and the replays, and access to me to ask your questions and receive feedback to help you get un-stuck.

DFY – Done For You – I prepare your Health Information Management Privacy and Security Manual policies and procedures and your Privacy Impact Assessment. You receive both paper and electronic copies of all the documents.

DWY – Done With You – a hybrid solution, you register for the on-line course and do the information gathering and preparation of your Privacy Impact Assessment submission with coaching from me in the course. I will also assist you to prepare the customized privacy and security policies and procedures, and resources as needed at an hourly consulting rate.

Find out more here: Privacy Impact Assessments or send me an email.

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

Do you need a Privacy Impact Assessment?

Or do you need to amend an existing PIA?

Privacy Impact Assessments are just one of the requirements you need in order to fulfill your obligations in Alberta’s Health Information Act (HIA) and other legislation and are an important aspect of developing privacy best practices in your office.

And a little help along the way is always a good thing.

Practical Privacy Coach, Jean  L. Eaton of Information Managers, is constructively obsessive about privacy, confidentiality, and security when it comes to the handling of personal and health information, particularly in primary health care settings. Jean has helped hundreds of healthcare providers, vendors, and health and social service delivery organizations and associations complete their Privacy Impact Assessment which have been successfully accepted by organizations’ management and regulators. Jean has customized and delivered privacy training programs for privacy officers, records management professionals, implementation teams, and healthcare providers across Canada and the US.

Now you can have access to five modules to help you learn everything you need in order to complete your own PIA.

[s3vpp id=3a4b10b9e627f27da781cdb590b784cf]

**** New PIA Amendment Track ****

Each module includes a video training, as well as templatestoolsresources and case studies to build on in each lesson. You can use this scenario to guide you through the PIA process in healthcare. If you work in healthcare or privacy or records management and need to do a PIA, this e-course is for you.

 

You need a Privacy Impact Assessment (PIA) when

  • You  are opening a new clinic or establishing a new health services program.
  • You are changing administrative procedures or technology equipment, services, or vendors
  • You are changing how you collect and use personal information,
  • You are implementing or changing an Electronic Medical Records (EMR)
  • You are sharing health information with another healthcare provider, organization, Primary Care Network or other health program.
  • You want to prevent a privacy breach,
  • You have a Privacy Impact Assessment that was written more than 2 years ago (It is time to review and update this!)

 

If you are a healthcare provider, practice manager, and you need your first Privacy Impact Assessment, this e-course is for you

Are you in a group or solo practice with direct patient care, for example:

  • Physician
  • Pharmacist
  • Registered nurse
  • Optometrist or optician
  • Chiropractor
  • Physiotherapist
  • Midwife
  • Podiatrist
  • Dentist, dental hygienist or denturist
  • Audiologist
  • Mental health practicitioner
  • Laboratory, x-ray, and imaging technician
  • Paramedic

A PIA should be as common place to a healthcare practice as a business plan is to a business. BUT most healthcare practices don’t know this and often don’t know that a PIA is  usually part of their professional college requirements and often even a legislated requirement! Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by completing a PIA.

If your Privacy Impact Assessment was written more than 2 years ago this online on-demand course is for you!

The Clinic Manager and Physician Lead and Privacy Officer  must ensure its content is updated to reflect the current state of administrative, physical and technical controls.

BONUS! Checklist to update your PIA to meet recent changes to Alberta’s Netcare Portal. If your practice has completed a PIA and now you need to update the PIA, you receive a checklist of items that you need to consider to refresh your PIA.

 

If you are vendor that supports healthcare practices this e-course is for you!

BONUS! One hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS! Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

 

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers complete their Privacy Impact Assessment. She has visited hundreds of practices across Canada. But time and geography limit my ability to visit each healthcare practice that needs a PIA. That’s why I developed this on-line interactive course to help you learn everything you need in order to review, amend, or create your own PIA. Each module includes a video training as well as templates, tools, resources and two common case studies to build on each week. You can use these scenarios to guide you through the PIA process.

You know your practice better than anybody else. If you had the right tools, at the time most convenient for you and a mentor to help you, you can develop good office practices, meet legislated and college requirements, and successfully complete your Privacy Impact Assessment requirements.

Using a Webinar on-line interactive program, you will get great content and mentoring from Jean Eaton and once a month during the Q&A live training webinars. Learn the PIA process with these modules.

The modules include:

Module 1:

PIA to Protect Your Practice, Your Assets, and Your Patients

 

Module 2:

Information Flows–-the Foundation of Your PIA

 

Module 3:

Risk Analysis and Mitigation Strategies

 

Module 4:

PIA Format – Pulling it All Together

 

Module 5:

Complete Your PIA Submission

BONUS Module 6:

Create a Branded Privacy Impact Assessment Readiness Package

The replays, tools, and resources will be available to you right away.

If you are new to this field, I suggest that you first register for Privacy Awareness in Healthcare: Essentials to master the key definitions and concepts.

Corridor Interactive

 

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments –

A Complete Step-by-Step Course

5 Core Modules, Templates, Training, and Tools to Get Your PIA Done!

Monthly Live Q&A Training Webinars

$450.00 (plus GST)

Purchase e-course

 

You will get

  • Learning Resource Guide for EACH module – how-to explanations, templates, and resource lists
  • Checklists to help you plan your PIA
  • MindMap of the entire PIA process
  • PIA project plan timeline templates
  • Checklists of  personal and health information privacy and security policies that you need in your practice
  • Many examples of projects in medical, dental, chiropractic and more practices including new PIA project and PIA amendments.
  • Explanation and real-life examples of key terms that you need to know and include in your PIA
  • Strategies and templates of risk management assessments that you can customize
  • This E-course might qualify for CPE credits, too!

 

BONUS!  Monthly live Q&A webinar training with Jean to help you get un-stuck with your PIA.

BONUS! Checklist to update your PIA to meet recent changes to Alberta’s Netcare Portal.

BONUS! Private discussion group with other registered participants of this course to network and support each other on your PIA journey and continue to help you after this course closes.

BONUS! Regular updates of privacy resources and templates that you can use.

 

If you hired a consultant to do the work of the PIA process for you it may cost you as much as $3,000!

And then…when the consultant is done, they take their knowledge out the door with them.

Invest only $450 in this course and you’ll have what you need to do your first PIA project today…and every project in the future!

Jean Introduction Ecourse PIA (1)


I had the pleasure of working alongside Jean to develop a PIA for my Dental Office. I could not have completed this document without her. She was there to help me every step of the way. Her online course made it easy to communicate with her as well as having so many resources to use that were so helpful. Each Module had videos to watch that explained step by step what needed to be done. The PIA document is a lot of information to put together and if it’s not enough information on its own, you also need to develop a policy and procedures manual. Jean has developed an amazing resource for this manual that was very user friendly and made a 300 page manual a lot more attainable than creating it on your own. I highly recommend taking Jean’s PIA course and having her help throughout the process!”

~~Lindsey Cave, Office Manager, Orion Dental Group

 

What people are saying about our PIA e-courses and in-person workshops:

Q: What did you learn from this workshop?

Participant’s Responses:

  • Understanding of need / use of Information Management Agreement’s and an ‘Evaluation” agreement.
  • Lots – when / how to make amendments.
  • Compliance / requirements of PIA and their purpose.
  • PIA information; agreements, updating.

 

Q: What do you feel was the biggest benefit to attending this workshop?

Participant’s Responses:

  • Understanding a PIA.
  • Having a better understanding of PIA’s and everything included in requirements.
  • Gain a better overview of my PIA and what I need to add; organizational strategy.
  • Clear vision of work to be done.

“When Jean told us about the Protest Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments E-course and explained how the course will help us better understand the Health Information Act, our responsibilities as healthcare providers and our relationship with our vendors and partners, I signed up right away! Thanks again – it is no doubt that we have hitched our wagon to a shining star.”
~~Bill Stowe, Business Manager Synergy Respiratory & Cardiac Care

“This was my first ever time I had to work on a PIA and I was a little nervous about doing it efficiently – but you really made it as simple and straight forward as possible. Thank you for being available for my questions when I had them. I would easily recommend Privacy Impact Assessments to Protect Your Practice course for anyone to do their own PIA’s! Thank you so much!”
~~Karen Sarabura, Clinic Manager and Privacy Officer, CGA Medical Imaging, Alberta

“I attended the Privacy Impact Assessment Walk-through workshop (for ARMA members). Jean shared resources and on-going networking opportunities. The biggest benefit to me is to know that there is help out there in moving forward with our Privacy Impact Assessment responsibilities.”
~~Ellen Sauvé, Parkland County

Comments from other E-course participants:

“Learning about how all the information gathering systems interact was the most valuable part of this workshop”

“Excellent presenter – variety of learning opportunities.”

“Jean is an excellent speaker and I enjoyed the audio seminar you gave today and I learned a lot from your seminar.”
~~Annette T (AHIMA webinar, Three Mistakes in Managing a Privacy Breach”)

“Jean Eaton is one of those ‘critical suppliers’ you keep in your email contacts list, no matter what company you manage. She really knows her stuff and delivers prompt, accurate information on time. Her courses are interesting, informative, and I like the opportunity to meet with classmates who have similar challenges.”
~~Kevin Morris, Shape MD, Team Leader/Office Manager

 

Buy e-course

In-Person Workshops Are Now Available

Are you a hands-on kinda person?

Are you more likely to get things done when you schedule your time for a working meeting?

Would you like help to kick-start your PIA amendment and review with other like-minded clinic managers and privacy officers?

PIA Amendment Workshops are available. Send a request to me and let’s set up a workshop near you! You also get full access to the on-line course to support you after the workshop.

 

 

Not sure if the E-course is for you?

Jean will answer your questions in the free webinar,

 

Prevent Big Fines (or Worse!) for Your Healthcare Practice

How to Plan a Privacy Impact Assessment for Your Healthcare Practice

with Jean L. Eaton
Replay Recorded Live

This webinar is for Privacy Officers, Clinic Managers, Practice Managers and anyone else responsible for doing a PIA.

You will learn what is getting in your way of getting your PIA done!

In this free webinar, you will learn:

  • 5 Manageable Steps of every PIA
  • 3 Biggest Myths about PIA’s that is preventing you from completing your PIA
  • Questions Privacy Officers, Clinic Managers, Practice Managers and Healthcare providers should ask about PIA’s but don’t
  • Biggest fears about doing a PIA and how you can kick it to the curb so that you can finally get it done

Join us for the webinar so that you can plan your PIA for your healthcare practice!

Sign me up for this FREE webinar

Get Free Access Now Arrow

Please provide your email address below and you will be re-directed to the webinar replay right away.

Check your email in-box to confirm your registration!

 

 

 

 

 

 


 Along with your webinar registration, you will also benefit from the occasional Privacy Nugget tips by email of similar privacy resources and articles that you can use right away!