Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

What Is a pORA?

Posted on January 6, 2021 by Meghan in Blog

What Is A pORA?

The Provincial Organizational Readiness Assessment (pORA) document is a risk assessment tool that describes the technical, administrative, and physical security controls necessary to meet the minimum-security standards required by legislation and by Alberta Health.

When we provide our personal and sensitive information to a healthcare provider, we want assurances that the confidential information will be respected. We expect that our information will only be shared with people who need to know the information to provide health services to us. Alberta's Health Information Act (HIA) requires healthcare providers (custodians) to put appropriate safeguards in place to protect the privacy, confidentiality, and security of health information.

A completed pORA is one of the pre-requisites for community sites to access the Alberta Netcare Portal.

Alberta Netcare, known as the provincial Electronic Health Record (EHR), is a secure and confidential electronic system. It is accessible to health professionals and contains Albertans’ personal health information. This is also known as the Alberta Netcare Portal or ANP.

A pORA asks questions similar to the questions in a privacy impact assessment and is frequently completed at the same time as a Privacy Impact Assessment (PIA) when a new clinic is preparing to open. It's easy to get them confused, but they are separate documents and have separate purposes.

PIA

A Privacy Impact Assessment is a process that assists healthcare providers (custodians) to review the impact that an implementation of a new administrative practice, information system, or change to existing practices or systems relating to the collection, use and disclosure of individually identifying health information, may have on individual privacy. This includes how the clinic will ensure appropriate safeguards to ALL information sharing practices, including the use of Alberta Netcare.

  • In Alberta, a PIA must be submitted by the custodian to the Office of the Information and Privacy Commissioner (OIPC) for review and acceptance.

pORA

This comprehensive risk assessment is required by Alberta Health to verify that a community healthcare provider custodian meets minimum security standards, before accessing provincial health information. It is one of the core requirements for access to the ANP and assists the custodian in meeting their legislative requirements and protect the privacy, confidentiality, and security of health information.

  • The pORA is submitted by the custodian to Alberta Netcare prior to access to Alberta Netcare Portal.
  • Prior to being granted access to Alberta Netcare Portal, the custodian must also have a PIA accepted by the OIPC.

We know that technology and office practices change over time. It is an expectation that the healthcare provider custodian will review their PIA, pORA, and supporting policies and procedures regularly, at least annually. Alberta Netcare requires that within two years from the date of approval of the pORA that its contents be thoroughly reviewed to ensure the information is correct and up-to-date.

For more information about pORA, see Alberta Netcare. Frequently Asked Questions. Provincial Organization Readiness Assessment. February 2020. 

 

Watch the FAQ video here!

Did you enjoy this article? If you'd like to look at similar posts, visits these links:

Do You Need An Expedited Netcare Privacy Impact Assessment?

 

Alberta, Alberta Netcare, Alberta Netcare Portal, ANP, Health Information Act, HIA, Netcare, p-ORA, pORA, Privacy Impact Assessment, Provincial Organizational Readiness Assessment

Do you have Netcare?

Posted on September 22, 2014 by Jean Eaton in Blog

Netcare's PIA Process

When we provide our personal and sensitive information to a healthcare provider, we want assurances that the confidential information will be respected. We expect that our information will only be shared with people who need to know the information to provide health services to us. Alberta's Health Information Act requires healthcare providers (custodians) to put appropriate safeguards in place to protect the privacy, confidentiality, and security of health information.

Alberta Netcare, also known as the Alberta Electronic Health Record (EHR), is a network of information systems that allows authorized users to see prescriptions, lab results, diagnostic images (e.g. x-rays and ultrasounds) and hospital reports (e.g. hospital discharge summaries). Netcare is used throughout Alberta in hospitals run by Alberta Health Services and Covenant Health and in medical clinics and pharmacies. This is managed by Alberta Health, Government of Alberta. Alberta Health Services (regional health authority), community pharmacies, labs and diagnostic imaging centres and other agencies upload patient information to Netcare.

Netcare Portal PIA

Each custodian is required by Health Information Act to submit a Privacy Impact Assessment to the OIPC. Alberta Health submitted a Privacy Impact Assessment (H1124) in 2006 for Alberta Netcare Portal (ANP) and an updated Privacy Impact Assessment (H3879) in March 2013.

Healthcare providers (custodians) who request access to Alberta Netcare Portal (ANP) must submit a Privacy Impact Assessment to the OIPC that documents the healthcare providers’ computer systems integration with Alberta Netcare.

If you have a previous Privacy Impact Assessment that was accepted by the OIPC regarding your access to Alberta Netcare Portal and it is less than two years old, you can submit a Privacy Impact Assessment Addendum. If you have previously completed a Provincial Organization Readiness Assessement (pORA) you will need to review and update the pORA including completing “Section Two: Mandatory Security Requirements for S2S Sites” and return it to Alberta Health for review and approval.

If you have not yet submitted a Privacy Impact Assessment

You need to submit a PIA to the OIPC for acceptance. This must reference the ANP Privacy Impact Assessment (H3879). You must also complete and submit a pORA including “Section Two: Mandatory Security Requirements for S2S Sites”.

Questions to ask:

1)         When was the last time we reviewed our PIA? (This should be reviewed annually.)

2)         Do we have / do we want access to Alberta Netcare Portal (ANP)? If ‘yes’, then:

3)         Was your Privacy Impact Assessment accepted more than two years ago (before August 2012)? If ‘yes’, then

  • Review and amend your PIA and submit to OIPC including reference to ANP Privacy Impact Assessment H3879 and
  • Review your pORA including “Section Two: Mandatory Security Requirements for S2S Sites”. You will likely need additional support from your computer network vendor and your EMR vendor.

4)         If you are a Registered Nurse and work in occupational health, at a First Nations care centre, at a remote nursing station, for a federal jurisdiction or for an authorized homecare service or self employed, you may be eligible to apply for access to Netcare as a custodian. The above steps also applies to you.

Please share this information with colleagues and your computer network support, EMR vendor, and privacy officer in your organization.

PS

Not all healthcare providers are custodians as defined by Health Information Act. For more information, see our blog, HIA Amendments and Document Management Tip

For more information see:

Alberta OIPC. Bulletin Health Information Act Bulletin August 2014 Update.

Alberta Netcare, Your System Integration with Alberta Netcare.

CARNA Netcare Access to Registered Nurses as Custodians.

Need to do a Privacy Impact Assessment or a Privacy Impact Assessment amendment? We have a course for that!

Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments – A Complete Step-by-Step Course

Alberta, E-course PIA; privacy impact assessment, HIA, Netcare, PIA, pORA, Practical Privacy Coach, privacy officer

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"This was my first Webinar and I'm signed up for a few more in the coming weeks. Like Karol, we also have a weight management program at our clinic; fortunately our clientele is quite large as it is through physician referral from surrounding areas, but I think her talk about social media and automation could really help our clients. I look foreword to more seminars online and your newsletter soon."

--Practice Management Nugget event, 'Engage your patients using automated tools' with Karol Clark

- Alissa from Whitecourt

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}