Privacy and Security

Protecting the privacy of Albertans is a shared responsibility; we all have a role to play to ensure that personal health information remains safe.

The Health Information Act (HIA) establishes rules to protect the privacy of an individual's health information. It also regulates how health information can be collected, used and disclosed. When health professionals access the provincial EHR, it is considered to be “using” health information, so they must follow the rules set out by the HIA.

The HIA requires custodians (either named health care organizations or named professions in the Health Information Regulation) and affiliates (employees, volunteers, contractors and other authorized people who work for a custodian) to only collect, use and disclose health information in the most limited manner, with the highest degree of anonymity possible and on a need-to-know basis.

The Office of the Information and Privacy Commissioner (OIPC) oversees the HIA and monitors how it is administered in the health system. For more information, visit the OIPC website.

Who Is Allowed to Access the EHR?

Only authorized custodians and their affiliates may access health information in Alberta Netcare. The requirements for becoming an authorized custodian are set out in the EHR Regulation.

As part of the registration process, each custodian must complete a series of privacy and security assessments. The custodian signs an Information Manager Agreement (IMA) that commits them and everyone else at the facility to follow all of the rules. The regulations also require health profession regulatory colleges to have standards of practice their members must follow in managing electronic records.

User permission levels
Users are only permitted to access information that is relevant to their role in the health system. This means that access permissions and other security credentials are set up so that users have information on a "need-to-know" basis. Permission levels are established at the time of new user account creation, and are to be verified periodically to ensure that the access is still appropriate for the user’s role.

Information Security

A number of security safeguards are in place to make sure that only authorized users can access the EHR. These include multiple levels of access controls and encryption. The security controls used to protect information in the EHR are based on international standards and best practices.

Privacy Impact Assessment
A Privacy Impact Assessment (PIA) is an important process in which the site's information custodian identifies and addresses potential privacy risks that may occur at their site. A PIA must be completed whenever personal health information is collected, used, and/or disclosed. Once completed, the PIA is submitted to the Office of the Information and Privacy Commissioner. An OIPC-accepted PIA is required before registration can occur. For more information about completing a PIA, go to Step 2 on the Registration/Deployment page.

Secure access
Access to the EHR is provided through secure networks (such as those in Alberta Health Services facilities) or securely over the internet using two-factor authentication. Two-factor authentication combines an ID and password with an authentication device (SecurID remote access fob). Both must be present for the individual to gain access.

Encryption
All electronic messages that are shared are encrypted, which means that the information is encoded to provide a high level of security.

Controls
Additional network security controls include the use of firewalls and an intrusion detection system to alert the appropriate personnel of any unusual activity.

Audit logs
Access to Alberta Netcare is logged and audited, which ensures that the information is accessed appropriately. The AHW Information Compliance and Access Unit will follow up if a breach is suspected.

Penalties
The HIA has established fines for anyone who knowingly collects, uses, or discloses health information or who gains or attempts to gain access to health information in contravention of the HIA. Individuals who breach privacy and access within Alberta Netcare could be subject to criminal charges, fines of up to $100,000, and disciplinary measures within their licensing or professional organizations.

In 2007, a medical office clerk appeared in court and pleaded guilty to charges of improperly accessing another person's medical information through the Alberta Netcare Portal in contravention of the HIA. The medical office clerk was fined $10,000 for the offence.

Masking Information in the EHR

It is important for health professionals to understand that Albertans have the option of requesting that their health information in Alberta Netcare be "masked." This means that the individual’s health information will not be automatically visible when a record is accessed, except for first and last name, date of birth, gender and personal health number. This enables participating custodians and affiliates to actively consider an individual's expressed wish to mask their information through Alberta Netcare.

Requesting a Mask
Requests for masking must be made by a participating information custodian on behalf of the individual. Ideally, this should be someone with whom the individual already has a current care relationship. Before submitting the application, the information custodian must discuss with the individual the consequences of applying and/or rescinding a mask. There may be circumstances where a custodian is unable to authorize that an individual's information be masked, for example, if masking that information could pose a threat to public health and safety. If masking is appropriate, the information custodian can complete and submit the application. A request form is available for users to download from the Alberta Netcare Portal login page.

How does masking work?
When a mask has been applied, the health information contained in the patient's electronic health record will not automatically be displayed. However, authorized health service providers may unmask a record in limited circumstances, such as with the patient's consent or if clinically necessary. All unmasking activity is flagged, electronically logged and may be audited.

Rescinding a mask
An individual may request that a mask be rescinded by contacting a participating custodian. A request to rescind a mask may also be initiated by a health service provider if he or she becomes aware of changing circumstances that affect the individual's eligibility for masking. In this case, custodians or delegates will make every attempt to inform the individual of their decision prior to removal of the mask.

Individuals who would like additional information about masking should contact a participating custodian such as a pharmacist or physician, or contact the Health Information Act Help Desk:

Phone: 780-427-8089 (toll free dial 310-0000 followed by the 10-digit number)
Email: hiahelpdesk@gov.ab.ca

Health service providers can also download a fact sheet titled Protecting Patient Privacy through Masking Information in Alberta Netcare. This resource provides custodians with a summary of GPLM and the application process.