Dental clinic compliance with the Privacy Impact Assessment regulatory statutes in Alberta can be challenging. Maintaining private records of dental patients is a heavy responsibility.
The appropriate collection, use, and disclosure of confidential information are critical to maintaining privacy for the patients who choose to place trust in your practice. A strong emphasis on data security is necessary to maintain that trust.
Are you concerned about meeting regulatory compliance?
Do you wish to establish security practices that allow your patients to feel safe and secure?
Data custodians such as dentists are required to prove their digital infrastructure is secure with a Privacy Impact Assessment (PIA).
What is a Privacy Impact Assessment?
A dental PIA is an audit of your dental clinic's internal processes that defines how you identify and mitigate cybersecurity risks. Section 64 of the Health Information Act (HIA) states the following:
Duty to prepare a privacy impact assessment
64(1) Subject to subsection (3), each custodian must prepare a privacy impact assessment that describes how proposed administrative practices and information systems relating to the collection, use and disclosure of individually identifying health information may affect the privacy of the individual who is the subject of the information.
(2) Subject to subsection (3), the custodian must submit the privacy impact assessment to the Commissioner for review and comment before implementing any proposed new practice or system described in subsection (1) or any proposed change to existing practices and systems described in subsection (1).
(3) Subsections (1) and (2) do not apply to custodians described in section 1(1)(f)(iv), (ix.1) and (xii) in the collection, use or disclosure of health information between or among these custodians for a function set out in section 27(2), unless the custodians will implement a new information system or change an existing information system in conjunction with the collection, use or disclosure.
In addition to dentists, optometrists, pharmacists, opticians, chiropractors, physicians, surgeons, midwives, podiatrists, denturists, dental hygienists, and registered nurses must also submit a PIA to the Office of the Information and Privacy Commissioner of Alberta (OIPC).
The PIA documents how your organization manages the personal data that you retain on your patients and outlines the steps being taken to protect that data.
How to Remain in Compliance with the Alberta Health Act
Developing your PIA might seem intimidating, but to remain in compliance with Alberta’s Health Information Act, private dental practices do not have a choice.
Depending on how large your clinic is, your PIA might be several hundred pages long. In addition to describing how patient data is stored, you must also provide information about how your staff is trained, who has access to data, the physical and digital storage processes for data, and the security you have in place to protect the data.
Luckily, there are many resources available to assist in creating and filing a PIA.
- The first step is to begin the process as soon as possible. You must document everything associated with privacy risks. You can continue operating your practice and submit your PIA, even as you work to establish better data security practices.
- Your dental PIA is a living document that you can update as you implement more procedures to safeguard patient data.
- Awareness of the risks that exist puts you one step ahead of potential hackers who may attempt to gain access to your confidential servers.
- After completing your PIA, it must be submitted to the OIPC for approval, which can take up to 12 months.
The one thing you should not do is ignore this requirement.
How The ITeam Can Help Your Dental Practice
The ITeam understands the cybersecurity issues facing Canada’s dental practices.
We are committed to helping Calgary- and Alberta-based dentists and medical professionals develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency.
The ITeam will do more than assist with legal documentation like the PIA.
With over 20 years of experience, we have designed a comprehensive IT service package for the healthcare industry that delivers superior results.
We are experts in helping you complete and submit your dental PIA to remain in compliance. Contact us to learn more.