PIA Support



Requirement for Privacy Impact Assessments

The Health Information Act (HIA) requires custodians to submit a PIA (Privacy Impact Assessment) to the OIPC (Office of the Information and Privacy Commissioner) before implementing any practices or information systems relating to the collection, use or disclosure of individually identifying health information.  A PIA must also be submitted before making any changes to those practices or systems. 


Reviewing and Updating Your PIA 

New practices and technologies evolve after projects are implemented and new threats to privacy can develop over time. Your PIA should be reviewed annually to ensure that any risks caused by changes are mitigated. You should advise the OIPC of any changes to your PIA. Sometimes a letter is enough, other times you may need to submit a revised PIA. To decide whether you need to update your PIA or notify OIPC, ask yourself “Does this project or change pose any risk to privacy of health information?”  Examples of when you should consider a PIA:


  • You start to collect, use or disclose health information that you did not collect use or disclose before
  • You give access to health information to new people or organizations
  • You implement new technology or a new service delivery that stores, transmits or receives health information
  • You implement a new or different Pharmacy Management System (electronic health record system) or make changes to the existing one such as adding portable devices with wireless technology
  • You establish a new healthcare delivery system such as a network or telehealth initiative



New Pharmacies - Access to Alberta Netcare Portal (ANP) 

Click to reveal the information 


Existing Pharmacies - Real Time Integration (RTI) with Netcare

Click to reveal the information