If your healthcare practice is implementing remote working or virtual healthcare, you need to notify the OIPC.
Health information is sensitive information. Reasonable efforts must be made to ensure that identifying and sensitive information is protected from unauthorized access, loss, or damage during and outside work hours. What a custodian may consider is reasonable efforts during a pandemic may be different than reasonable efforts from normal circumstances.
In Alberta, section 64 of the Health Information Act (HIA) requires custodians to prepare a privacy impact assessment (PIA) and submit it to the Office of the Information and Privacy Commissioner (OIPC) of Alberta prior to implementing a new administrative or technical process in a healthcare practice.
The OIPC in Alberta requests in its notice of March 19, 2020, that custodians notify the Commissioner about new administrative practices or information systems.
How Do I Notify The OIPC?
Step 1: If you have implemented, or plan to soon implement remote working, virtual care or other administrative or technical changes in response to the COVID-19 pandemic, send an email to the OIPC to inform them, in general terms, about your plans.
Step 2: As soon as possible, submit a project specific Privacy Impact Assessment to the OIPC.
To help you get started with Step 1, I have prepared a sample email that you can use.
Not sure if remote working is right for your healthcare practice?
Check out the The Practice Management Success Tip, Remote Worker Privacy and Security Checklist, will help you:
- Determine if remote working is appropriate for your employees.
- Identify what clinic / business resources need to be provided to the employee remote worker.
- What reasonable safeguards need to be implemented to protect the privacy, confidentiality, and security of personal (health) information.
Did you enjoy this article? If you’d like to look at similar posts, visit these links: