A privacy impact assessment (PIA) is a due diligence exercise in
which a custodian of health information identifies, analyzes and
addresses potential privacy risks that might occur in the course of
a clinic's operations. For example, there is potential for privacy
risk in administrative practices and within information systems
relating to the collection, use or disclosure of individually
identifying health information.
Not only is a PIA conducted to inform a specific project such as
the implementation of a new medical record system, but it can also
be used to examine organization-wide practices that may have an
impact on privacy.
A PIA provides documented assurance to your clinic, the Office
of the Information and Privacy Commissioner (OIPC) of Alberta and
the public that all privacy issues related to a particular
initiative have been identified and addressed. A PIA is also a
mandatory exercise for each Physician Office System Program (POSP)
clinic during the transition to a qualified electronic medical
record solution. During the development of the PIA, a POSP resource
assists the clinic in reviewing and documenting the physical,
technical and administrative privacy and security functions.
For more information, contact OIPC at 780.422.6860 or visit the
OIPC website.