How your clinic can quickly assess privacy and security risks

The Doctors of BC Privacy and Security Checklist

This simple set of 25 questions, written back in 2009 in collaboration with the OIPC and the College of Physicians and Surgeons of BC, provides a great starting point to assess how your clinic is managing privacy and data security. If you can say “Yes” to these questions, you will have addressed important areas that should be of concern to all clinicians. Interested? Click here to download your copy from the Doctors of BC website. It’s part of their Privacy Toolkit, a great resource.

The OIPC Security Self-Assessment Tool

About three years after the Privacy and Security Checklist was published, the OIPC for British Columbia collaborated with the OIPC of Alberta and the Office of the Privacy Commissioner of Canada to create a tool intended for all organizations that must be compliant with personal information security requirements under the Personal Information Protection Act (PIPA) in British Columbia, the Personal Information Protection Act in Alberta and the personal Information Protection and Electronic Documents Act (PIPEDA) across Canada.

What is especially useful with this more comprehensive self-assessment is that it includes key questions that are considered minimum security requirements for all organizations, not just health clinics. These key questions can help to assess whether or not, from a security point of view, your clinic or organization is safeguarding data in compliance with legislated requirements under PIPA in BC and Alberta, and PIPEDA.

We highly recommend taking the time to do this security self-assessment. Click here to download your copy from the OIPC website.

Together, the above tools provide excellent starting points for asking the sort of questions with your staff and service providers that will help develop the culture of privacy we discussed in Part 1 of this series.

If you need assistance, contact us.