Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

What Is a pORA?

what is a pora blog post

What Is A pORA?

The Provincial Organizational Readiness Assessment (pORA) document is a risk assessment tool that describes the technical, administrative, and physical security controls necessary to meet the minimum-security standards required by legislation and by Alberta Health.

When we provide our personal and sensitive information to a healthcare provider, we want assurances that the confidential information will be respected. We expect that our information will only be shared with people who need to know the information to provide health services to us. Alberta's Health Information Act (HIA) requires healthcare providers (custodians) to put appropriate safeguards in place to protect the privacy, confidentiality, and security of health information.

A completed pORA is one of the pre-requisites for community sites to access the Alberta Netcare Portal.

Alberta Netcare, known as the provincial Electronic Health Record (EHR), is a secure and confidential electronic system. It is accessible to health professionals and contains Albertans’ personal health information. This is also known as the Alberta Netcare Portal or ANP.

A pORA asks questions similar to the questions in a privacy impact assessment and is frequently completed at the same time as a Privacy Impact Assessment (PIA) when a new clinic is preparing to open. It's easy to get them confused, but they are separate documents and have separate purposes.

PIA

A Privacy Impact Assessment is a process that assists healthcare providers (custodians) to review the impact that an implementation of a new administrative practice, information system, or change to existing practices or systems relating to the collection, use and disclosure of individually identifying health information, may have on individual privacy. This includes how the clinic will ensure appropriate safeguards to ALL information sharing practices, including the use of Alberta Netcare.

  • In Alberta, a PIA must be submitted by the custodian to the Office of the Information and Privacy Commissioner (OIPC) for review and acceptance.

pORA

This comprehensive risk assessment is required by Alberta Health to verify that a community healthcare provider custodian meets minimum security standards, before accessing provincial health information. It is one of the core requirements for access to the ANP and assists the custodian in meeting their legislative requirements and protect the privacy, confidentiality, and security of health information.

  • The pORA is submitted by the custodian to Alberta Netcare prior to access to Alberta Netcare Portal.
  • Prior to being granted access to Alberta Netcare Portal, the custodian must also have a PIA accepted by the OIPC.

We know that technology and office practices change over time. It is an expectation that the healthcare provider custodian will review their PIA, pORA, and supporting policies and procedures regularly, at least annually. Alberta Netcare requires that within two years from the date of approval of the pORA that its contents be thoroughly reviewed to ensure the information is correct and up-to-date.

For more information about pORA, see Alberta Netcare. Frequently Asked Questions. Provincial Organization Readiness Assessment. February 2020. 

 

Watch the FAQ video here!

Did you enjoy this article? If you'd like to look at similar posts, visits these links:

Do You Need An Expedited Netcare Privacy Impact Assessment?

 

Alberta, Alberta Netcare, Alberta Netcare Portal, ANP, Health Information Act, HIA, Netcare, p-ORA, pORA, Privacy Impact Assessment, Provincial Organizational Readiness Assessment

Privacy Policy

Copyright 2023 Information Managers Ltd.

0 shares
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}