Netcare's PIA Process
When we provide our personal and sensitive information to a healthcare provider, we want assurances that the confidential information will be respected. We expect that our information will only be shared with people who need to know the information to provide health services to us. Alberta's Health Information Act requires healthcare providers (custodians) to put appropriate safeguards in place to protect the privacy, confidentiality, and security of health information.
Alberta Netcare, also known as the Alberta Electronic Health Record (EHR), is a network of information systems that allows authorized users to see prescriptions, lab results, diagnostic images (e.g. x-rays and ultrasounds) and hospital reports (e.g. hospital discharge summaries). Netcare is used throughout Alberta in hospitals run by Alberta Health Services and Covenant Health and in medical clinics and pharmacies. This is managed by Alberta Health, Government of Alberta. Alberta Health Services (regional health authority), community pharmacies, labs and diagnostic imaging centres and other agencies upload patient information to Netcare.
Netcare Portal PIA
Each custodian is required by Health Information Act to submit a Privacy Impact Assessment to the OIPC. Alberta Health submitted a Privacy Impact Assessment (H1124) in 2006 for Alberta Netcare Portal (ANP) and an updated Privacy Impact Assessment (H3879) in March 2013.
Healthcare providers (custodians) who request access to Alberta Netcare Portal (ANP) must submit a Privacy Impact Assessment to the OIPC that documents the healthcare providers’ computer systems integration with Alberta Netcare.
If you have a previous Privacy Impact Assessment that was accepted by the OIPC regarding your access to Alberta Netcare Portal and it is less than two years old, you can submit a Privacy Impact Assessment Addendum. If you have previously completed a Provincial Organization Readiness Assessement (pORA) you will need to review and update the pORA including completing “Section Two: Mandatory Security Requirements for S2S Sites” and return it to Alberta Health for review and approval.
If you have not yet submitted a Privacy Impact Assessment
You need to submit a PIA to the OIPC for acceptance. This must reference the ANP Privacy Impact Assessment (H3879). You must also complete and submit a pORA including “Section Two: Mandatory Security Requirements for S2S Sites”.
Questions to ask:
1) When was the last time we reviewed our PIA? (This should be reviewed annually.)
2) Do we have / do we want access to Alberta Netcare Portal (ANP)? If ‘yes’, then:
3) Was your Privacy Impact Assessment accepted more than two years ago (before August 2012)? If ‘yes’, then
- Review and amend your PIA and submit to OIPC including reference to ANP Privacy Impact Assessment H3879 and
- Review your pORA including “Section Two: Mandatory Security Requirements for S2S Sites”. You will likely need additional support from your computer network vendor and your EMR vendor.
4) If you are a Registered Nurse and work in occupational health, at a First Nations care centre, at a remote nursing station, for a federal jurisdiction or for an authorized homecare service or self employed, you may be eligible to apply for access to Netcare as a custodian. The above steps also applies to you.
Please share this information with colleagues and your computer network support, EMR vendor, and privacy officer in your organization.
PS
Not all healthcare providers are custodians as defined by Health Information Act. For more information, see our blog, HIA Amendments and Document Management Tip
For more information see:
Alberta OIPC. Bulletin Health Information Act Bulletin August 2014 Update.
Alberta Netcare, Your System Integration with Alberta Netcare.
CARNA Netcare Access to Registered Nurses as Custodians.
Need to do a Privacy Impact Assessment or a Privacy Impact Assessment amendment? We have a course for that!