07 Aug Privacy Impact Assessment for Dental Offices
What is a Privacy Impact Assessment?
A Privacy Impact Assessment or PIA identifies the personally identifiable information collected from patients, the intended use of the information, who it is being shared with and how it is safe guarded.
Most dental offices are aware that they need to complete a Privacy Impact Assessment (PIA) and have either completed it or have begun to think about it. The entire process can seem daunting. I know when I first undertook the submission process a few years ago, I was overwhelmed by the amount of information to sift through.
A common question asked of us is “What is the process for completing and submitting the Privacy Impact Assessment?”
There’s no simple answer but I will provide a brief review of the process for you.
The first step is team training!
We spend approximately three hours with the team during the training session. It’s a very important first step as the team is very involved in the collection, use and protection of patient information. The training lays the groundwork for them to learn about the Health Information Act and to ask any questions they may have. At this time, a Privacy Officer will be designated if one is not already in place. The Privacy Officer is responsible for helping to follow the guidelines laid out in the Health Information Act as well as to ensure current and new employees are well versed and trained on the subject.
After the team training is completed, we schedule time with the designated Privacy Officer to review and assess the current practices of the dental office. During this time, we identify any third party that may have access to, or is storing, a patient’s health information. Together we identify any areas of risk in the practice and make a plan to remedy those. Once that has been completed, we begin the process of obtaining agreements from any party with access to the patient’s health information. These agreements are in place to ensure your patient’s information is kept confidential.
Lastly, once the agreements have been obtained, the PIA is created.
The PIA is a practice specific document containing information which includes the patient information that is collected, the intended use of the information, where the information is being stored, who has access to the information, and the agreements with anyone who has access to your patient information.
Once the PIA has been finalized it is sent to the Office of the Information and Privacy Commissioner of Alberta for approval.
And that’s it, sounds simple, right?!
Not really, but that is the reason most dentist have enlisted the help of others to undertake this complex process. Luckily, the team at Tayden Consulting has successfully submitted several PIA’s for dental offices and we are here to help!
If it’s out of your hands, it deserves freedom from your mind too.
Our team of Dental Consultants, at Tayden Consulting Inc., specialize in providing,
hands-on, on-site coaching on how to create the optimal experience
for your patients.
Contact us today for a free consultation! We look forward to meeting you.