[CAD] Compliance with Privacy Laws in Alberta (PIPA)

The Personal Information Protection Act (PIPA)

For the privacy and security of health information in Alberta, private practitioners must follow the Personal Information Protection Act (PIPA). This is Alberta’s private sector privacy law, and has been deemed “substantially similar” to PIPEDA. PIPA sets the rules for the collection, use and disclosure of personal information and personal employee information by private sector organizations in Alberta.

Owl and PIPA

Individuals have a number of rights under PIPA - here are some relevant to Owl:
  • Mandatory Breach Reporting: While we take significant and extensive measures to ensure a security breach could never occur, if one was to take place, we would of course notify our customers.
  • The right to request access to your personal health informationExtensive export options make exporting Client information out of Owl simple and easy. Notes can be exported from the Client profile, all financial and Client data can be exported and individual historical receipts and invoices can also be downloaded. Exports of secure messages are not currently possible, but Clients already have access to this information through their Client Portal.
PIPA requires organizations to take reasonable security measures against unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction of information.

“Organizations must develop policies and practices including those that protect personal information. These policies should be available in writing for an organization to provide to individuals, if requested. They should include information about how the organization handles and protects information in its care. For example:
  • physical security, such as locked doors and alarms
  • technological security, such as password protection and encryption on computers and mobile devices
  • administrative security, such as confidentiality agreements and terms of use for information technology
  • how your organization will manage privacy breaches
  • how your organization will meet your breach notification requirements
  • how your organization processes access requests
  • how your organization responds to inquiries and complaints” - Source
Thanks to Owl’s security features including data encryption, secure servers, and data loss protection, Owl helps our customers achieve technological security requirements under PIPA.

Other Legislation

Other acts that may be potentially relevant to clinics in Alberta are:
The Information and Privacy Commissioner of Alberta can be reached through the contact details on this website.