Privacy and security risk assessments are conducted by clinics to determine if there are gaps in a clinic’s privacy and security policies, practices and procedures. It will help fulfil the custodians’ obligations under the Alberta Health Information Act (HIA) to periodically ensure that proper safeguards for protecting information are in place.
Objectives
The purpose of the privacy and security risk assessments are to:
- Enable a clinic to analyze its privacy and security policies, procedures and practices.
- Identify privacy and/or security risks and determine if clinic controls are in place to mitigate those risks.
- Develop and implement privacy and security improvements and controls where necessary to reduce clinic privacy and security risks.
Instructions to use
This assessment presents a series of risks and questions that will help the clinic determine if key privacy risks are being addressed. The risks are organized under:
- Physical Environment Risks & Physical Safeguards
- People Risks & Administrative Safeguards
- Technology Risks & Technical Safeguards
Guidance about what risk you are assessing and mitigating are provided in each section. This tool will assist you in developing a plan to help ensure that appropriate safeguards are in place. It is recommended that you keep or save the completed tool in a safe place as it provides documentation that the risk assessment was completed and the action plan that was created. This privacy and security risk assessment is intended to be completed on a regular basis (e.g., annually).
Learn@AMA Training
Enrol your medical clinic in AMA's free privacy training tailored to physician, privacy officer and staff roles through Learn@AMA sign-up your whole community-based clinic team today!
Enrol Today!- Assessing Risk and Implementing Safeguards
- Five Steps to Minimize Privacy Breaches
- Access to Health Information Policy
Developed by
