Breach Management Policy

A Breach Management Policy is a formal set of procedures and guidelines established by a clinic to effectively respond to and manage data breaches. This policy outlines the steps to take when a breach occurs, aiming to minimize damage, ensure compliance with legal and regulatory requirements, and protect the affected individuals' data.

Your clinic policies need to be updated to reflect the mandatory breach reporting requirement that was put in place on August 31, 2018. These must also be included with your Privacy Impact Assessment (PIA) or PIA amendment to the Office of the Information and Privacy Commissioner of Alberta (OIPC). This can be sent as a stand-alone document or included with an amendment of a system change, affiliate change or minor updates to the OIPC. It is important to review privacy policies regularly and communicate new and existing policies to staff and affiliates in your clinic.

When submitting an amendment to the OIPC, please include the following:

  • Health Information Act (HIA) Privacy Breach Management Policy
  • Risk of Harm Checklist
  • OIPC Breach Reporting Form – this form is to be utilized when reporting a breach to the OIPC.

Instructions for use

These instructions are meant to assist you with making this document your own and fulfilling your obligations under the Health Information Act.

Please read the information in this policy carefully, as it must be followed to be compliant with the Health Information Act. You can add items that are specific to your clinic for clarity. It is important to communicate this policy to everyone in the clinic to ensure they are aware of it and follow the processes outlined in the Act.
