For the privacy and security of health information in British Columbia, private practitioners must follow the Personal Information Protection Act (PIPA). This is BC’s private sector privacy law, and has been deemed “substantially similar” to PIPEDA. PIPA sets the rules for the collection, use and disclosure of personal information and personal employee information by private sector organizations in British Columbia.
Owl and PIPA
Individuals have a number of rights under PIPA - here are some relevant to Owl:
- The right to request access to your personal health information: Extensive export options make exporting Client information out of Owl simple and easy. Notes can be exported from the Client profile, all financial and Client data can be exported and individual historical receipts and invoices can also be downloaded. Exports of secure messages are not currently possible, but Clients already have access to this information through their Client Portal.
PIPA requires organizations to take reasonable security measures against unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction of information. Here are some of the safeguards they suggest, and how they relate to Owl:
- technological security, such as password protection and encryption on computers and mobile devices: Owl helps practices achieve this security through our own security measures. At Owl, we use bank-level encryption (SSL) to encrypt all data that moves between our secure and dedicated servers and the device and browser on which a clinician accesses their Owl Practice account. Data moving between our secure and dedicated servers and the device and browser on which a clinician accesses their Owl account is encrypted using SHA256 with RSA. We continuously test our systems to ensure all of our encryption layers have the most up-to-date patches for any vulnerabilities that surface over time (example: Heartbleed/CVE-2014-0160).
- administrative security, such as confidentiality agreements and terms of use for information technology, and role-based access to any systems, meaning employees are only provided access to the information they need to do their job: Owl’s User Types allow practices to achieve this security, as Office Admin and Therapist Users can be limited from accessing certain types of information in the practice that they may not need access to.
Other Legislation
Other acts that may be potentially relevant to clinics in British Columbia are:
- The Freedom of Information and Protection of Privacy Act, British Columbia’s public sector privacy law;
- The E-Health (Personal Health Information Access and Protection of Privacy) Act, British Columbia’s privacy law relating to health records.