Privacy Impact Assessment (PIA)

Section 64 of the Health Information Act (HIA) mandates the submission of a Privacy Impact Assessment (PIA) for review by the Office of the Information and Privacy Commissioner (OIPC).

Because privacy is risky business for all involved, it’s important to know where your organization or business ultimately wants to be, as well as where it currently measures on a Privacy Gap Assessment.

There are a number of laws and jurisdictions involved, making it difficult to understand where to even start. Our team would begin with an assessment process to review the current state of your privacy compliance and provide you with a comprehensive audit report.

Section 2 of the Health Information Act Regulation (HIAR) designated certain health professionals as custodians. They are:

  • Regulated members of the Alberta College of Pharmacists;

  • Regulated members of the Alberta College of Optometrists;

  • Registered members of the Alberta Opticians Association;

  • Regulated members of the Alberta College and Association of Chiropractors;

  • Regulated members of the College of Physicians and Surgeons of the Province of Alberta;

  • Registered members of the Alberta Association of Midwives;

  • Registered members of the Alberta Podiatry Association;

  • Regulated members of the College of Alberta Denturists;

  • Regulated members of the Alberta Dental Association and College (as of March 1, 2011);

  • Regulated members of the College of Registered Dental Hygienists of Alberta (as of March 1, 2011); and

  • Regulated members of the College and Association of Registered Nurses of Alberta (as of September 1, 2011).

The Privacy Impact Assessment will advise you on potential risks related to privacy and mitigation recommendations to ensure your organization meets current privacy standards.

The systematic process of determining whether basic privacy requirements are met can be an extremely effective, proactive tool to grow from while building privacy into your organization’s structure and establishing ongoing accountability.


Privacy Impact Assessments (PIAs) under POPA

With the Protection of Privacy Act (POPA) now in effect, organizations and public bodies in Alberta are required to assess how personal information is collected, used, disclosed, and protected. A Privacy Impact Assessment (PIA) is a critical tool to ensure compliance and to identify potential privacy risks before they become issues.

A PIA helps your organization understand:

  • Where you currently stand in meeting privacy obligations
  • Where you want to be to achieve full compliance
  • Potential risks associated with personal information management
  • Mitigation strategies to reduce privacy exposure

Because privacy involves multiple laws and oversight requirements, it can be challenging to know where to start. Our team guides organizations through a systematic PIA process, reviewing your current privacy practices, policies, and procedures. We provide a comprehensive audit report with actionable recommendations to bring your organization in line with POPA standards and best practices.

Under POPA, all public bodies are required to consider privacy risks when introducing new programs, systems, or technologies that handle personal information. Conducting a PIA ensures that privacy is built into your operations from the start, rather than being an afterthought.

A well-conducted PIA not only protects your organization and the people you serve but also creates an ongoing framework for accountability, helping you manage privacy proactively as your organization evolves.