Privacy Impact Assessment (PIA)

Stock photo from Canva.com

What is a PIA?

A Privacy Impact Assessment (PIA) is a due diligence process used to analyze, identify and address potential privacy risks within a clinic. By working through the requirements of a PIA, you will discover potential privacy impacts and have the opportunity to mitigate those risks.

PIA components include:

  • Cover Letter and Cover Page
  • Section A: Project Overview
  • Section B: Privacy Management
  • Section C: Privacy Analysis
  • Section D: Privacy Risks and Mitigation Plans
  • Section E: Policies and Procedures

Alberta Health’s Completing a Privacy Impact Assessment: Annotated Template can help assist community-based clinics complete a PIA.

What’s the OIPC’s role?

The Office of the Information and Privacy Commissioner of Alberta (OIPC) has a number of very important responsibilities regarding privacy, some of which include ensuring that health custodians uphold the access and privacy rights outlined in Alberta legislation, advocating for the access and privacy rights of Albertans, and reviewing and investigating privacy concerns.

Another key role the OIPC holds is reviewing and accepting PIAs. 

Who needs a PIA?

Under the Health Information Act (HIA) custodians must submit PIAs to the Commissioner before implementing practices or information systems that will collect, use or disclose health information.

This includes such practices and systems as:

  • Enabling new technology like a virtual appointment, patient portal or secure email
  • Netcare participation
  • Implementing an Electronic Medical Record (EMR)
  • Accessing diagnostic laboratories

Do we need to update our PIA?

If you have adopted new administrative practices or information systems that collect, use or disclose patient information, an amendment to your PIA may be required. This tool can help you determine if a PIA amendment is needed:

Do you need help developing or amending your PIA? This PIA Consultant List may help you hire a professional to assist with the process.  

Find your PIA number

The OIPC has a registry of all accepted PIAs and if you have misplaced your PIA number, it is searchable on their website.

Alberta Medical Association Mission: Advocate for and support Alberta physicians. Strengthen their leadership in the provision of sustainable quality care.