Agreements and Data Sharing

Data sharing is critical to building an effective health system but must be done securely and follow all privacy laws. Clinics who work with external vendors and providers need to understand their obligations for protecting health information.

As custodians of health data, physicians are responsible for ensuring the privacy, confidentiality and security of personal health information. Tools and guidelines have been created to assist custodians in meeting their privacy obligations and ensuring compliance with the Health Information Act (HIA) and to help them build strong Clinic Privacy and Security Programs.

Agreements

Having agreements in place is a necessary step for any clinic working with outside vendors and organizations. It is important to ensure that you are using the correct agreements and that they are periodically reviewed, especially when changes are made.

Information Manager Agreement

An Information Manager Agreement (IMA) is a legislative requirement under the HIA between custodians and Information Manager(s).

An Information Manager is defined in the HIA as a person or body that:

Processes, stores, retrieves or disposes of health information
In accordance with the regulations, strips, encodes or otherwise transforms individually identifying health information
Provides information management or information technology services.

Information Manager Agreement – this agreement is used between clinics and external vendors who provide health information management and technology services. (e.g. EMR vendors, IT providers, shredding companies, etc.)

Information Sharing Agreement

An Information Sharing Agreement (ISA), as per the standards of the College of Physicians & Surgeons of Alberta (CPSA), is the legal contract that defines the data stewardship rules and processes that the parties have agreed to.

Many physicians enter practice and share patient charts without considering what happens to the records when one of their colleagues leaves or when there is a change in management/ownership of the clinic. When forming or joining a clinic, physicians need to ensure they have an ISA that:

Ensures all professional obligations and legal duties related to the use and disclosure of records are fulfilled.
Outlines the terms and conditions of the exchange (sharing) of custodian duties in a common manner within a shared patient record environment.
Helps guide issues pertaining to the management, security requirements, and professional responsibilities relating to the sharing of patient records.
Outlines what will happen to the patient records as custodians enter and leave the clinic.

Information Sharing Agreement – this agreement is used within a clinic for the sharing of patient information in an EMR.

Information Manager Agreement

This agreement is used between clinics and external vendors who provide health information management and technology services. (e.g. EMR vendors, IT providers, shredding companies, etc.)

Was this page helpful?

Where could we improve? *

I couldn't find what I was looking for on this page
The page content is outdated or not accurate
The page information was hard to navigate to
The page content was difficult to understand

Other comments

Submissions here do not receive a response. If you have urgent concerns or require assistance please Contact Us.

Thank you for your feedback and help in making our website better.