Privacy and Security Risk Assessment

Privacy and security risk assessments are conducted by clinics to determine whether there are gaps in a clinic's privacy and security policies, practices and procedures. Completing the assessment helps fulfil the custodian's obligation under the Alberta Health Information Act (HIA) to periodically ensure that proper safeguards for protecting health information are in place.

Objectives

The purpose of the privacy and security risk assessment is to:

  • Enable a clinic to analyze its privacy and security policies, procedures and practices.
  • Identify privacy and/or security risks and determine if clinic controls are in place to mitigate those risks.
  • Develop and implement privacy and security improvements and controls where necessary to reduce clinic privacy and security risks.

Instructions for use

This assessment presents a series of risks and questions that will help the clinic determine if key privacy risks are being addressed. The risks are organized under:

  • Physical Environment Risks & Physical Safeguards
  • People Risks & Administrative Safeguards
  • Technology Risks & Technical Safeguards

Guidance about which risk you are assessing and mitigating is provided in each section. This tool will assist you in developing a plan to ensure that appropriate safeguards are in place. It is recommended that you keep the completed tool in a safe place, as it documents that the risk assessment was completed and records the action plan that was created. This privacy and security risk assessment is intended to be completed on a regular basis (e.g., annually).