Protecting the privacy of Albertans is a shared responsibility

Privacy: Every individual has a right to the privacy and protection of their personal health information. The Health Information Act (HIA) requires custodians and affiliates to collect, use and disclose health information in the most limited manner, with the highest degree of anonymity possible and only on a need-to-know basis.

Security: Based on international standards and best practice, a number of security safeguards are in place to protect patient information and information systems from unauthorized access, misuse, disclosure, modification or destruction. These include access controls, audit logs, encryption and monitoring.

Confidentiality: Preserving confidentiality involves ensuring that only authorized health service providers can use or access a person's health information. Custodians have an obligation to maintain the trust relationship between those supplying health information and the individual or organization collecting it.

To learn more about Privacy & Security in Alberta Netcare, visit the Alberta Netcare EHR's Privacy and Security page. There, you will find more information on who is allowed to access the Electronic Health Record (EHR) and on information security within Alberta Netcare.

Alberta's Health Information Act

The Health Information Act (HIA) establishes rules to protect the privacy of an individual's health information. It also regulates how health information can be collected, used and disclosed. Every time a health professional accesses Alberta Netcare, this is considered to be "using" health information, so they must follow the rules set out by the HIA.

OIPC

The Office of the Information and Privacy Commissioner (OIPC) oversees compliance with the HIA and monitors how it is administered in the health system. For more information, visit the OIPC website.

 

Information Security

A number of security safeguards are in place to make sure that only authorized users can access the EHR. These include multiple levels of access controls and encryption. The security controls used to protect information in the EHR are based on international standards and best practices.

Secure Access

Access to the EHR is provided through secure networks (such as those in Alberta Health Services facilities) or securely over the internet using two-factor authentication. Two-factor authentication requires a password and ID used in conjunction with an authentication device (SecureID Remote Access Token). Both must be present for the individual to gain access.

Encryption

All electronic messages that are shared are encrypted, which means that the information is encoded to provide a high level of security.

Controls

Additional network security controls include the use of firewalls and an intrusion detection system to alert the appropriate personnel of any unusual activity.

Audit Logs

Access to Alberta Netcare is logged and routinely audited to ensure that the information is accessed appropriately. The Alberta Health Privacy and Security Unit will follow up if a breach is suspected. Access can also be audited at the request of a patient, physician or authorized custodian.

By accessing Alberta Netcare, you agree to be bound by the Terms of Use and Disclaimer as noted on the Alberta Netcare Portal login page, and to comply with all related legislation.



Penalties

The HIA establishes penalties for anyone who knowingly collects, misuses or discloses health information and/or who gains or attempts to gain access to health information in contravention of it. Penalties include criminal charges, fines up to $100 000 or disciplinary measures within their licensing or professional organizations.

Regulated healthcare professionals in Alberta are bound by the statutes, regulations and standards of their professional regulatory body. They are also bound by the Alberta Health Professions Act.

Professional regulatory bodies conduct investigations into complaints made about members, and the penalties imposed must meet the objective of public protection. Such penalties can include the suspension of practice permits in addition to significant financial fines.

For detailed examples of penalties, please visit https://oipc.ab.ca/news/news-releases




Access permission levels

Only authorized custodians and their affiliates may access health information in Alberta Netcare. The requirements for becoming an authorized custodian are set out in the EHR Regulation.

As part of the registration process, each custodian must complete a series of privacy and security assessments. The custodian signs an Information Manager Agreement (IMA), through which they agree to comply with the rules related to the access and use of health information in Alberta Netcare. The regulations also require a health profession's regulatory colleges to have standards of practice governing how their members manage electronic records, prior to members of that profession gaining access to Alberta Netcare and becoming an authorized custodian.


User permission levels

Users are only permitted to access information that is relevant to their role in the health system. This means that access permissions and other security credentials are set up so that users have information on a "need-to-know" basis. Permission levels are established at the time of new user account creation, and are to be verified periodically to ensure that the access is still appropriate for the user’s role.

 




If you require support, please visit our Contact Us page.