Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Use These Reports To Improve Privacy Compliance

virtual care healthcare female doctor

Use These Reports To Improve Your Privacy Compliance

Investigation reports of privacy breach incidents helps to inform and update policies, procedures, and risk assessments can be used by privacy officers, clinic managers, and healthcare custodians to improve privacy compliance in their healthcare practice.

Recent publications by the Alberta Office of the Information and Privacy Commissioner (OIPC) and the College of Physicians and Surgeons of Alberta (CPSA) are great resources.

We can use these real-world examples to improve our current practices to protect the privacy, confidentiality, and security of personal health information and to protect personal health information from unauthorized access, use, disclosure, and loss.

Alberta OIPC Annual Report

In the Alberta OIPC Annual Report 2020-21, Jill Clayton, the Privacy Commissioner, noted that ‘this past year was a year like no other for access to information and protection of privacy in Alberta as the COVID-19 pandemic raised new challenges for regulated stakeholders and my office.’

Work from home mandates impacted how organizations responded to access to information requests and the security of personal information as employees shifted to remote work. The OIPC received over 150 privacy impact assessments (PIA) and notifications about the implementation of new virtual care (or telemedicine) projects.

Overall, the OIPC reports that there was a 31% increase in the number of PIAs that they had received over the previous years. The healthcare sector may not have applied the usual rigour to assess new virtual care solutions as has been previously applied to, for example, EMR implementation. The urgency of the pandemic may have triggered this weakness, but it's something that now we should be able to do better.

There were 930 breaches reported by health information custodians to the OIPC in 2020-21, representing a slight decrease from 2019-20 (938). There were four convictions under the Health Information Act (HIA) for unauthorized access to health information in 2020-21.

Download the Annual Report from the OIPC here

CPSA Virtual Care Standards of Care

The Alberta College of Physicians and Surgeons (CPSA) released on December 20, 2021, its updated Virtual Care Standards of Practice. This was previously released as telemedicine standards.

Download the CPSA Virtual Care Standards of Care here.

I want to highlight a few things that have changed and a few things that we should know about already. The standard provides clarity about physicians who can provide virtual care services for Albertans. A physician who has been licensed to practice and provide care in Alberta, with some exceptions. Other healthcare providers outside of Alberta should not be providing virtual care to residents of Alberta.

The standards also provide guidance on the procedures that a regulated member providing virtual care must follow, including Standard #8:

  • provide the patient with their name, location and licensure status during the initial virtual care encounter;
  • take reasonable steps to confirm the identity and location of the patient during each virtual care encounter;
  • confirm the patient’s physical setting is appropriate given the context of the encounter and ensure consent to proceed, in accordance with the Informed Consent standard of practice;
  • offer the patient the opportunity for in-person care; and
  • ensure there is a plan in place to manage adverse events or emergencies and make patients aware of appropriate steps to take in these instances.

The standards also remind physicians that prior to implementing new virtual care technologies or practices, that you must prepare a PIA. This applies even if you are ‘just’ using telephone to provide virtual care.

PIA Remote Working and Virtual Care Templates

Last year, Information Managers created a virtual care privacy impact assessment package which includes template policies, procedures, implementation tips, and privacy training. This follows the requirements from the standards from the CPSA and the HIA.

The PIA Remote Working and Virtual Care Templates provide you virtual care procedures, workflow, tips, and Privacy Impact Assessment templates that you can quickly and easily download and customize for your healthcare practice. The training provided will help you to assess privacy and security options to assist you to select the best technology solution for your needs. Then, use the Privacy Impact Assessment templates to document your decisions and submit to the OIPC.

 

Yes! I Want Virtual Care Templates
privacy compliance

Privacy Policy

Copyright 2023 Information Managers Ltd.

0 shares
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}