Privacy Impact Assessments (PIA) are a crucial tool for clinics to identify and mitigate potential privacy and security risks. The AMA has compiled a list of privacy consultants who can assist your community-based clinic with developing a PIA, if you choose to independently hire a consultant.
Disclaimer:
These consultants and companies are not endorsed by the AMA, nor were they required to provide samples of their work as part of a vetting process.
Steps for Selecting a PIA Consultant
- Assess: Determine what support is needed with this Self-Assessment Tool.
- Review: Review the list of PIA consultants and relevant information.
- Referrals: Speak to colleagues who have worked with a PIA consultant in the past. Great service in the past is the best predictor of future success.
- Interview: Interview a few PIA consultants and complete reference checks, especially if the consultant was not referred by a colleague. Ensure the consultant has experience in developing PIAs for community-based medical clinics.
- Select: Select a PIA consultant who is best able to meet the needs you have identified in Step 1 and has experience with clinics like yours.
- Agreement: Agree on the terms of the service ahead of time and develop a service agreement.
Sample Interview Questions
- Do you do a comprehensive review of the clinic's security and privacy context? How is this done?
- Do you work with clinic physicians or someone in the clinic to complete the PIA? How do you typically inform the whole team about your work and process?
- What are your timelines for completing a PIA?
- What kind of training do you provide?
- What other services do you provide in addition to the PIA? Does that cost more?
- How much do your services cost? Please describe your cost structure.
- Can you provide references of other physicians you've done PIA work for in Alberta?
Company Contact | Cost of PIA Development | Cost of PIA Implementation Training | Number of Accepted PIAs | Timeline to Deliver PIA |
Andy Igonor, CISM, CPHIMS | $750-$1250 | N/A | 40-99 | 0-2 weeks |
Atlas Privacy Services, Donna Brock, CIAPP-C, CIPP/C, (403) 200-5484, [email protected] | $750-$1250 | $250 - $500 plus expenses | 40-99 | 1-3 weeks |
Brightsquid Secure Communications Corp., Candace Jensen, CAPP, CIAPP-C, CIAPP-P, HIPAA, MAPP, [email protected] | $1251-$1750 | Included | 100+ | 0-2 weeks |
DBI Consulting Ltd., Dave Brochu, CIAPP-P, (780) 232-0031, [email protected] | $750-$1250 | $250 - In person; $100 - Virtual | 100+ | 0-2 weeks |
Information Managers Ltd. | $1751-$2500 | Included | 100+ | 2-4 weeks |
Ingrid M. Ruys, CIAPP-P, HIPAA, MAPP, (780) 953-6783, [email protected] | $750-$1250 | Included | 100+ | 0-2 weeks |
LemonLogix Health Information Services | $1251-$1750 | $35 - $125/person + GST | 40-99 | 1-3 weeks |
Malabar Consulting Ltd, Michael Luxton, CIAPP-P, (403) 472-2077, [email protected] | $750-$1250 | Included; Clinic Training – $250 + GST/1.5 hrs | 100+ | 0-2 weeks |
Lila Privacy Consulting | $1251-$1750 | $250+ | 40-99 | 3-6 weeks |
PrivacyCAN | $750-$1250 | Included | 100+ | 0-2 weeks |
Raven Medical Management Inc. | $750-$1250 | N/A | 100+ | 2-4 weeks |
VJ Consulting | $750-$1250 | N/A | 100+ | 1-2 weeks |
- CHIM (Certified Health Info Management)
- CIAPP-P/C (Canadian Institute of Access and Privacy Professionals - Professional/Certified)
- CIPM (Certified Info Privacy Manager)
- CIPP/C (Certified Info Privacy Professional/Canada)
- CIPT (Certified Info Privacy Technologist)
- CISM (Certified Info Security Manager)
- CISSP (Certified Info Systems Security Professional)
- CPHIMS (Certified Professional in Health Info Management Systems)
- FIP (Fellow of Info Privacy)
- HIPAA (Health Insurance Portability and Accountability Act)
- M/C-APP (Masters/Chartered-Access and Privacy Professional)