The Personal Information Protection Act (PIPA)
For the privacy and security of health information in Alberta, private practitioners must follow the Personal Information Protection Act (PIPA). This is Alberta’s private sector privacy law, and has been deemed “substantially similar” to PIPEDA. PIPA sets the rules for the collection, use and disclosure of personal information and personal employee information by private sector organizations in Alberta.Owl and PIPA
Individuals have a number of rights under PIPA - here are some relevant to Owl:- Mandatory Breach Reporting: While we take significant and extensive measures to ensure a security breach could never occur, if one was to take place, we would of course notify our customers.
- The right to request access to your personal health information: Extensive export options make exporting Client information out of Owl simple and easy. Notes can be exported from the Client profile, all financial and Client data can be exported and individual historical receipts and invoices can also be downloaded. Exports of secure messages are not currently possible, but Clients already have access to this information through their Client Portal.
“Organizations must develop policies and practices including those that protect personal information. These policies should be available in writing for an organization to provide to individuals, if requested. They should include information about how the organization handles and protects information in its care. For example:
- physical security, such as locked doors and alarms
- technological security, such as password protection and encryption on computers and mobile devices
- administrative security, such as confidentiality agreements and terms of use for information technology
- how your organization will manage privacy breaches
- how your organization will meet your breach notification requirements
- how your organization processes access requests
- how your organization responds to inquiries and complaints” - Source
Other Legislation
Other acts that may be potentially relevant to clinics in Alberta are:- The Health Information Act, Alberta’s privacy law relating to health records.
- The Freedom of Information and Protection of Privacy Act, Alberta’s public sector privacy law