COVID-19 resources Read More
Jane's Guide Here's all the help you need to use Jane.

Privacy: Compliance for Clinics in Alberta

Alberta’s Health Information Act governs how clinics collect and use electronic health information. Under HIA Section 60, clinics who act as custodians of health information have a “duty to protect health information.” Jane can help clinics act as trusted gatekeepers of the health information collected and stored.

Privacy Impact Assessment

The first thing Alberta clinics need to complete is a Privacy Impact Assessment.

What is a Privacy Impact Assessment (PIA)?

(PIA) is a process that assists custodians in reviewing the impact that a new project may have on individual privacy. The process is designed to ensure that the custodian evaluates the program or scheme to ensure technical compliance with the Health Information Act as well as assessing the broader privacy implications for individuals.

Privacy Impact Assessment Requirements

HIA’s Duty to prepare privacy impact assessment:

  • HIA Section 64(1): Each custodian must prepare a privacy impact assessment that describes how proposed administrative practices and information systems relating to the collection, use and disclosure of individually identifying health information may affect the privacy of the individual who is the subject of the information.

  • HIA Section 64(2): The custodian must submit the privacy impact assessment to the Commissioner for review and comment before implementing any proposed new practice or system described in subsection (1) or any proposed change to existing practices and systems described in subsection (1).

Tips for PIA Submission:

  • Submit PIA Questionnaire before implementing Jane.
  • Include Jane’s Privacy Policy and Terms & Conditions as your Information Management Agreement with Jane. These are the agreements you enter into when starting up with Jane.
  • Submit your PIA Questionnaire with a cover letter from the head of your practice/clinic.
  • Submit an updated PIA Questionnaire anytime you change systems for collection and disclosure of health information.

In addition to the PIA, you’ll want to understand the features in Jane that will help you protect the health information of your patients/clients.

Quick List of Jane’s Privacy Controls for Alberta

Jane comes with many technical features to help Alberta clinics meet HIA requirements.

  • Privacy guarantees via Privacy Policy and Terms & Conditions

  • Charts are signed, locked, timestamped, and all changes must be added as signed, dated, and timestamped amendments.

  • Access controls - Jane account owner chooses which staff what access to what information in Jane.

  • Unique passwords - all Jane users are required to login individually, and all of their behaviour in Jane can be identified. Passwords are also easily reset for the highest level of security.

  • Behaviour tracking - logged in, every click of every button is tracked for each user. Clinic owners can audit their Activity Log in Jane and view all activity for all users or filter the report to see what health information a particular staff member accessed over a specific time frame.

  • Administrative, physical, and technical safeguards

  • Jane securely stores health information in secured SOC2 Type2-certified data centers, and all data is backed up regularly on secondary servers.

  • Search and tag health information for easy retrieval

  • Flexible charting to meet regulatory requirements

  • Limited ability to delete patient profiles and charts for which health information has been added

  • Controlled disclosure and sharing of health information: patients, charts

  • Keyboard shortcut that blurs patient names on the schedule - in case someone likes to look over your shoulder while rebooking

  • Data is saved in real time as you add it to Jane.

For detailed information on these features and more, have a look at Jane’s List of Security Features. You can also read more about HIA directly from Alberta’s Health Information Act Guidelines and Practices Manual.