Privacy and Security Prerequisites

The purpose of this page is to summarize the PIA process for CII participants and to summarize the PIA for CII and addendums prepared by Alberta Health on behalf of participating custodians. The intended audience is custodians who have already met the administrative and technical requirements to participate in the CII initiative and who are now preparing a PIA submission. (There are other basic technical and administrative requirements that custodians must meet to participate in the CII initiative, outlined in the frequently asked questions documents found here.)

Please refer to the CII/CPAR PIA Summary and Expedited PIA instructionsfor complete details.

Privacy and Security

Any person or organization in Alberta who gathers health care information is required by the Health Information Act to file a Privacy Impact Assessment (PIA) with the Office of the Information and Privacy Commissioner (OIPC) and to keep it current.

Clinic PIA

It is a prerequisite for the participation in CII/CPAR that the clinic PIA reflects the current clinic environment. If the clinic PIA is not up to date, or you are not sure, there is a self-assessment tool to assist you.

PIA Requirements for Participating Clinics Changing EMR Product

Please refer to this FAQ for details.

CII/CPAR Endorsement Letter

As part of participating in CII/CPAR custodians are asked to sign an endorsement letter stating that the custodian understands and agrees that their EMR provider will make changes to their EMR in order to share information with CII/CPAR and Alberta Netcare.

Endorsement letter templatesare available for Primary Care and Specialist clinics.

Additional information can be found here:

For more complete CII/CPAR Privacy Tools and Information, or to enroll in CII/CPAR, please visit: