Pandemic Privacy Impact Assessments
The COVID-19 pandemic has required clinics and patients to make many changes. Some physicians have added video consultations as a way to interact with their patients, some converted from paper based files to electronic record systems, and some began requiring clinic access to Netcare to access patient records remotely. If you made any of the mentioned changes, you may need to update your Privacy Impact Assessment (PIA), if you haven’t already as new administrative practices may require it.
Additional changes include, but are not limited to:
- Data exchange with new parties;
- Changes in the type of data exchanged and/pr the use of data;
- Changes to or additions to roles ie: Change of Privacy Officer appointment;
- Access to Netcare/Connect Care;
- Addition of new billing, transcription or shredding service provider;
- Adoption of new practices within the clinic and/pr PCN;
- Adoption of new practices within the clinic and/or PCN;
- Change in staff function/responsibilities;
- New EMR functionality ie: patient portal, video conferencing, mobile apps;
- Change in provincial privacy legislation/policy (CPSA, CMPA, AH, HIA); and
- Change in provincial EHR (Netcare/Connect Care).
Privacy Impact Assessments (PIA) require ongoing review and if necessary, an amendment in order to keep current, which is a requirement of the Office of the Information and Privacy Commissioner (OIPC). Keeping all your past PIA’s is important as the process of updating involves referencing past PIA’s and their contents. If you do not have a PIA to reference that is okay, starting fresh is a great place to begin as well. Just remember that even if you don’t have an EMR, you still must have a PIA that outlines your office’s choice of collecting, using and disclosing health information. It is also helpful to have a document review schedule to ensure all privacy related matters (PIA, Policies and Procedures) are reviewed as required.
As custodian, you are required to ensure your PIA is up to date. For more information, or if you have any questions, contact Rustruct Consulting.
Source: (Alberta Medical Association)
Alberta Medical Association. “Are you still compliant with the HIA?” Alberta Medical Association, https://www.albertadoctors.org/leaders-partners/hia-patient-privacy/still-compliant-with-HIA. Accessed 11 October 2020.