As custodians of health data, physicians are responsible for ensuring the privacy, confidentiality and security of personal health information. Tools and guidelines have been created to assist custodians in meeting their privacy obligations and ensuring compliance with the Health Information Act (HIA) and to help them build strong Clinic Privacy and Security Programs.
Agreements
Having agreements in place is a necessary step for any clinic working with outside vendors and organizations. It is important to ensure that you are using the correct agreements and that they are periodically reviewed, especially when changes are made.
Information Manager Agreement
An Information Manager Agreement (IMA) is a legislative requirement under the HIA between custodians and Information Manager(s).
An Information Manager is defined in the HIA as a person or body that:
- Processes, stores, retrieves or disposes of health information
- In accordance with the regulations, strips, encodes or otherwise transforms individually identifying health information
- Provides information management or information technology services.
Information Manager Agreement – this agreement is used between clinics and external vendors who provide health information management and technology services. (e.g. EMR vendors, IT providers, shredding companies, etc.)
Information Sharing Agreement
An Information Sharing Agreement (ISA), as per the standards of the College of Physicians & Surgeons of Alberta (CPSA), is the legal contract that defines the data stewardship rules and processes that the parties have agreed to.
Many physicians enter practice and share patient charts without considering what happens to the records when one of their colleagues leaves or when there is a change in management/ownership of the clinic. When forming or joining a clinic, physicians need to ensure they have an ISA that:
- Ensures all professional obligations and legal duties related to the use and disclosure of records are fulfilled.
- Outlines the terms and conditions of the exchange (sharing) of custodian duties in a common manner within a shared patient record environment.
- Helps guide issues pertaining to the management, security requirements, and professional responsibilities relating to the sharing of patient records.
- Outlines what will happen to the patient records as custodians enter and leave the clinic.
Information Sharing Agreement – this agreement is used within a clinic for the sharing of patient information in an EMR.
Information Manager Agreement
Information Manager Agreement
Information Management AgreementThis agreement is used between clinics and external vendors who provide health information management and technology services. (e.g. EMR vendors, IT providers, shredding companies, etc.)