Privacy and Security Management

Alberta has rigorous privacy requirements for patient health information.  EMRs add a level of complexity by introducing a new system for managing records and an association with a vendor. 

This section provides resources to assist with your privacy knowledge and ongoing self-assessment of your clinic’s privacy practices.

Privacy Officer Handbook PDF icon

This handbook presents the various duties a privacy officer must assume in a clinic and provides useful information about how privacy officers can meet the expectations that come with this role. 

Privacy Officer Training – This training is on the importance of privacy at your clinic and minimizing the risk of your patients' privacy being violated. It will take approx. 90 minutes to complete.

Privacy Self-Assessment (.docx) Privacy self-assessments are conducted by clinics to determine if there are gaps in a clinic’s privacy policies, practices and procedures.This document is a tool to help analyze privacy policies and risks, and develop improvements and controls to reduce risks. 
Security Self-Assessment (.docx) Security self-assessments are conducted by clinics to determine if there are gaps in a clinic’s security policies, practices and procedures. This document is a tool to help determine if there are gaps in a clinic’s security policies, practices and procedures. 
General Privacy Training PDF icon   The purpose of this general privacy training is to provide a resource for clinicians and staff to ensure their privacy and training knowledge is in line with the Alberta Health Information Act (HIA). 
Physician Privacy Training PDF icon

Research shows that when physicians take privacy rights seriously in their practice, they establish an atmosphere of trust that keeps patients loyal and attracts the best employees. When physicians establish a comprehensive privacy policy that patients and employees can understand, they are also less likely to become involved in a privacy dispute. Furthermore, under the Health Information Act (HIA), physicians are required to have privacy and security policies and procedures in place in their clinic.

The purpose of the training document is to provide a resource for physicians to ensure their privacy and security knowledge is up to date and in accordance with Alberta's HIA.

Business Continuity Plan PDF icon A business continuity plan (BCP) assists organizations in planning for immediate and long-term response to adverse events and disasters. For physicians and clinics, BCPs outline the actions necessary to ensure continuance of patient care and business operations. This document is a summary of content that should be addressed when you develop your business continuity plan.