Developing and Implementing a Clinic Privacy Program A dentist in Alberta is required to comply with the HIA and in order to do so, dentist’s need to go beyond just protecting the patient’s confidentiality, dentists also need to develop and participate in an ongoing privacy program that addresses accountability, information flow, right of access and security. Steps for the Development of a Privacy Program: It basically tells you the order of what to read and what to do. 1. 2. 3. 4. 5. 6. 7. Read the “Toolkit for Alberta Dentists” Complete “Site Privacy and Security Inspection” Complete “Health Information Registry” Complete “Clinic Privacy Assessment” Develop Privacy Policy Complete a Privacy Impact Assessment (PIA) if necessary. Appendix 1: Alberta Dental Association and College; Standard of Practice: Privacy and Management of Patient Health Information 8. Appendix 2: Alberta Dental Association and College; Guide for the Alberta Health Information Act Privacy and Confidentiality 9. Appendix 3: Privacy Impact Assessment Requirements OIPC. 1. The Toolkit is a 10 to 15 minute read in order to understand the basics required of a dental office. 2. The Site Privacy and Security Inspection is used to assess the current status of privacy practice and protection in specific areas of each dental office. Since most dental offices have similar spaces, there are examples provided of the information that is being looked for. This should help offices customize these pages in a matter of 30 to 45 minutes. Blank pages could be provided on the member’s website (if a dental office prefers to fill out every detail on their own) along with copies of a completed assessment that offices could customize if they prefer that route. 3. The Health Information Registry relates to what health information dentists have and how it is handled. It provides a basic description of health information in the dental clinic organized by function. (Ex. Patient files, practice billing system). Again, an example has been given to follow through and an office should be able to look at this and adopt what is appropriate and customize the rest within an hour. 4. Clinic Privacy Assessment identifies how and how well the dental clinic currently meets the Standard and, if there are significant gaps between the current state and the Standard. Basically, the site privacy and security inspection and the health information registry is done and now the dentists are doing a comprehensive assessment of the clinics current practices and systems to see how they compare to the Standard. Again, examples are given that will help the offices understand what is being asked of them. Clinics should allow about 1.5 hours to customize these forms for their particular situation. 5. Develop Privacy Policy: Each dental office must write a well-developed and Clinic specific Policies as an essential part of the dentist’s ability to comply with the HIA. Since these Policies are going to be the same for most dental offices in Alberta, these Policies have been made up into a manual (Information Privacy and Security Policies document) that each clinic can customize (with their name) throughout. This should take about a half an hour. A dental office should be able to become compliant by using the information provided in a period of about 3.5 to 4.5 hours. 6. Privacy Impact Assessment: A Privacy Impact Assessment is an assessment of the custodian’s compliance with the Health Information Act with respect to proposed new or changed administrative practices and information systems relating to the collection, use and disclosure of health information. When necessary a custodian must prepare a Privacy Impact Assessment and submit it to the Alberta Office of the Information and Privacy Commissioner prior to implementing the change in practice or system. Page 10 and 11 of the Privacy Impact Assessment Requirements document (Appendix 3) has examples of when to consider doing a PIA and examples of when a PIA is not necessary. For more information on PIAs see the Alberta Office of the Information and Privacy Commissioner (OIPC) website http://www.oipc.ab.ca. Appendix 1: Alberta Dental Association and College; Standard of Practice: Privacy and Management of Patient Health Information Appendix 2: Alberta Dental Association and College; Guide for the Alberta Health Information Act Privacy and Confidentiality The Guide assists with implementation the Standard of Practice and meeting the requirements of the Alberta Health Information Act.. The Guide can be used as a resource for additional information in the development of a Privacy Policy. Appendix 3: Privacy Impact Assessment Requirements OIPC
© Copyright 2024 ExpyDoc
