Jane's Guide Here's all the help you need to use Jane.

Privacy: Compliance for Clinics in Alberta

The legislation that is applicable to clinics in Alberta will depend on the type of practice that you’re running. Alberta’s Health Information Act is the most prescriptive legislation but it only applies to a select group of practitioners who are designated as “custodians” under the Act. For typical Jane customers, this just includes chiropractors but you can view the full list of practitioners in Section 2(1) and 2(2) of the Health Information Regulation. Under HIA Section 60, clinics who act as custodians of health information have a “duty to protect health information.” Jane can help clinics act as trusted gatekeepers of the health information collected and stored.

For other practitioners not covered by the Health Information Act, Alberta’s Personal Information and Protection Act will apply.

Privacy Impact Assessment

For practitioners who are governed by the Health Information Act, you will need to complete a Privacy Impact Assessment. The Alberta Privacy Commissioner’s Office makes it clear that PIA is voluntary for other organizations not regulated by the Health Information Act:

“The submission of a PIA to the OIPC is voluntary for public bodies and private sector organizations. There are no PIA requirements under the Freedom of Information and Protection of Privacy Act and Personal Information Protection Act. The OIPC encourages public bodies and private sector organizations to submit PIAs for projects that involve the collection, use and disclosure of personal information, particularly with respect to information sharing initiatives involving multiple parties.”

What is a Privacy Impact Assessment (PIA)?

(PIA) is a process that assists custodians in reviewing the impact that a new project may have on individual privacy. The process is designed to ensure that the custodian evaluates the program or scheme to ensure technical compliance with the Health Information Act as well as assessing the broader privacy implications for individuals.

Privacy Impact Assessment Requirements

HIA’s Duty to prepare privacy impact assessment:

  • HIA Section 64(1): Each custodian must prepare a privacy impact assessment that describes how proposed administrative practices and information systems relating to the collection, use and disclosure of individually identifying health information may affect the privacy of the individual who is the subject of the information.

  • HIA Section 64(2): The custodian must submit the privacy impact assessment to the Commissioner for review and comment before implementing any proposed new practice or system described in subsection (1) or any proposed change to existing practices and systems described in subsection (1).

Tips for PIA Submission:

  • Submit PIA Questionnaire before implementing Jane.
  • Include Jane’s Privacy Policy and Terms & Conditions within your PIA, and reach out to the Jane Team so that we can provide you with an Information Management Agreement as well. These are the agreements you enter into when starting up with Jane.
  • Submit your PIA Questionnaire with a cover letter from the head of your practice/clinic.
  • Submit an updated PIA Questionnaire anytime you change systems for collection and disclosure of health information.

In addition to the PIA, you’ll want to understand the features in Jane that will help you protect the health information of your patients/clients.

Quick List of Jane’s Privacy Controls for Alberta

Jane comes with many technical features to help Alberta clinics meet both PIPA and HIA requirements.

  • Privacy guarantees via Privacy Policy and Terms & Conditions

  • Charts are signed, locked, timestamped, and all changes must be added as signed, dated, and timestamped amendments.

  • Access controls - Jane account owner chooses which staff what access to what information in Jane.

  • Unique passwords - all Jane users are required to login individually, and all of their behaviour in Jane can be identified. Passwords are also easily reset for the highest level of security.

  • Behaviour tracking - logged in, every click of every button is tracked for each user. Clinic owners can audit their Activity Log in Jane and view all activity for all users or filter the report to see what health information a particular staff member accessed over a specific time frame.

  • Administrative, physical, and technical safeguards

  • Jane securely stores health information in secured SOC2 Type2-certified data centers, and all data is backed up regularly on secondary servers.

  • Search and tag health information for easy retrieval

  • Flexible charting to meet regulatory requirements

  • Limited ability to delete patient profiles and charts for which health information has been added

  • Controlled disclosure and sharing of health information: patients, charts

  • Keyboard shortcut that blurs patient names on the schedule - in case someone likes to look over your shoulder while rebooking

  • Data is saved in real time as you add it to Jane.

For detailed information on these features and more, have a look at Jane’s List of Security Features. You can also read more about HIA directly from Alberta’s Health Information Act Guidelines and Practices Manual.