Are you still compliant with the Health Information Act (HIA)?

Many physicians are unaware when and why they need to update their agreements to stay compliant.

Photo by Marcin Wichary via Flickr (

Your Privacy Impact Assessment (PIA) requires ongoing review and updates to remain relevant and current. If you have adopted any new administrative practices or information systems that collect, use or disclose identifiable health information, an amendment to your PIA may be required.

Reviews should take place whenever there is a change in the clinic systems or data sharing/exchanging environment. Such changes include but are not limited to:

  • Data exchanged with new parties
  • Changes in the type of data exchanged and/or the use of the data
  • Changes to or additions of roles
  • Access to Netcare
  • Addition of a new billing, transcription or shredding service provider
  • Adoption of new practices within the clinic and/or PCN
  • Change in staff functions/responsibilities
  • New EMR functionality (e.g. patient portal, video conferencing, mobile app)
  • Change in provincial privacy legislation/policy (CPSA, CMPA, AH, HIA)
  • Change in provincial EHR (Netcare)


  • Ensure you retain all past PIAs. As you adopt new practices and/or technology and endeavor to update your PIA, you will need to reference past PIAs.
  • Even if you do not have an EMR, you must have a PIA that outlines how you collect, use and disclose health information within your office.
  • Create a documented schedule to ensure regular review of your PIA, privacy agreements and clinic technical, administrative and physical safeguards
  • In addition to keeping your PIA current you should regularly review and update your clinic’s Privacy and Security Policy and Procedures Manual.
  • Information Manager Agreements and Information Sharing Agreements also require ongoing maintenance as use and sharing of data within your clinic evolves.

Online Resources

The Privacy and Security Management section of the AMA website provides useful tools including a privacy officer handbook, privacy and security self-assessments and training tools.

What you need to know about Privacy Agreements provides a privacy overview, frequently asked questions, templates and examples.

For more information, or if you have questions or concerns, please contact Caroline Garland.

Alberta Medical Association Mission: Advocate for and support Alberta physicians. Strengthen their leadership in the provision of sustainable quality care.