Alberta Netcare Integration Service | HIA, PIA and pORA Guide

4 years ago

To provide quality and rapid care to patients, EHR integration plays a crucial role. 

It gathers all medical information of the patients through an EHR and shows it on the mobile app, website, platform or any system in real-time. 

Alberta Netcare is one such EHR provided by the Alberta government and health authorities. 

If you want to enable users on your platform to access the medical information of the patients, you have to integrate EHR into your app/website/platform. 

But the question is, how can you integrate Alberta Netcare into your system.  

Well, it is easy - only if you have access to Alberta Netcare. 

AND, getting access to Alberta Netcare is extremely difficult. 

It requires you to have approval from Alberta Health (a government ministry) and OIPC (Office of the Information and Privacy Commissioner of Alberta). 

The following is the complete guide - approved by our in-house compliance specialists. 

You should also read our other useful resources:

The Most Easiest Guide for Alberta Netcare Integration

To carry out Alberta Netcare integration, you need to have access to it. And to get access to it, you have to meet the following requirements. 

  • Step 1: HIA Compliance 

Your app/platform/website or any system should be HIA compliant. 

  • Step 2: PIA (Privacy Impact Assessment)

You should carry out PIA and your PIA should be approved by OIPC (Office of the Information and Privacy Commissioner of Alberta). 

  • Step 3: pORA (Provincial Organizational Readiness Assessment)

You should complete and submit a pORA (Provincial Organizational Readiness Assessment) to Alberta Healthcare for approval. 

  • Step 4:  Information Management Agreement

Once Alberta Health approves the pORA and OIPC approves PIA, you have to sign an Information Management Agreement with Alberta Health. 

  • Step 5: Done! You now have access to Alberta Netcare EHR. 

Let’s now understand what it takes to accomplish each of these steps successfully.

STEP 1: Compliance 

This is the most basic and important step as the success of the rest 3 steps highly depends on this step only. 

For instance, the Health Information Act (HIA) is Alberta’s dedicated healthcare privacy law. 

And under section 64 of the HIA, PIA (step 2 in our case) is mandatory. 

Meaning, if your app/software/website or system is HIA compliant, you don’t have to invest more time and effort to carry out PIA or step 2 in our case. 

However, PIA is just one of the requirements of HIA. You have to adhere to many other requirements to be HIA compliant. 

HIA Requirements: 

The following are some of the general requirements. 

  • You have to manage the collection, use, disclosure, processing, storing and retrieval of health information from all sources. 
  • You have to respond to data access and data correction requests made by the patients. 
  • You have to protect the personal health information of the patients. 
  • You have to conduct an audit of information logs each month. 
  • You can use and disclose only non-identifying health information for any purpose. 

For more specific rules, you can check out this PDF

Once you make sure that you are fully compliant with HIA, you can proceed further. 

STEP 2: PIA (Privacy Impact Assessment)

The PIA is nothing but the assessment process which reveals organization-wide privacy issues. 

Once an organization knows the privacy issues, it can manage them very easily and ensure that there are no privacy vulnerabilities within the organization. 

If HIA does apply to your organization, you must carry out PIA and submit it to OIPC. It is mandatory under section 64 of HIA. 

OIPC has already prepared the PIA questionnaire which you have to fill and submit for approval. 

The full PIA questionnaire or PIA submission format has been classified into the following sections. 

1) Cover Letter 

Your cover letter must be signed by some executive authority. 

2) Cover Page 

Your cover page must include the official project name, legal name of the custodial who drafted the PIA, contact information of the person responsible for PIA, the contact information of the person responsible for HIA, PIA submission date, expected project implementation date, OIPC file references for any previously accepted PIAs.

3) Section A: Project Summary  

Add project summary and its objectives. Also describe why the project must collect, use and share personal health information. 

4) Section B: Organizational Privacy Management  

  • Management Structure: How is your senior-level management staff involved in privacy-related decision-making?  
  • Policy Management: How do you create, approve and execute privacy policies? 
  • Training & Awareness: How do you train your employees regarding privacy? 
  • Incident Response: How do you discover and investigate any privacy incident? 
  • Access and Correction Request: How do you handle the access and correction requests of individuals? 

5) Section C: Project Privacy Analysis 

  • Health Information Listing: List out the personal health information of individuals that you collect, use and share. 
  • Information Flow Analysis: Show in diagrams or flowcharts how you collect, use and share information.  Following is an example. 
  • Notice: Describe how you will notify users of why their information is being collected and how it is being used. 
  • Consent and Expressed Wishes: Describe how you will address the wishes of individuals regarding how much information to share.  
  • Data Matching: Will you match or combine the information of this project to another project? If yes, describe how you will combine it and its purpose. 
  • Contracts and Agreements: Describe contracts or agreements with third-parties involved in your project.
  • Use of Collected Information Outside of Alberta: Describe how and why you will use this information outside of Alberta. 

6) Section D: Project Privacy Risk Mitigation 

  • Access Controls: Describe how you give access to your collected data to your stakeholders. 
  • Privacy Risk Assessment and Mitigation Plans: Describe the privacy risks you discover in your project and how will you mitigate them.  
  • Monitoring: Describe how you monitor privacy protection measures.  
  • PIA Compliance: Describe how often you will review your PIA and update OIPC as necessary. 

7) Section E: Policy and Procedures Attachments 

You have to attach copies of privacy policies such as general privacy policies and project-specific policies. 

This is all you have to do to meet section 64 of HIA (carrying out PIA) and get approval by OIPC. 

Hold on. You must know this difference!

It is worth noting that the PIA you require to get access to Alberta Netcare EHR is not exactly the same as the PIA of section 64 of HIA. 

Alberta Netcare PIA only covers access to Alberta Netcare - how do you use it, integrate it, ensure its privacy, collect information etc. 

Whereas the HIA’s PIA covers everything including administrative, business and technical aspects of your healthcare project. 

But without executing HIA’s PIA, you can’t be HIA compliant and thus can’t accomplish the STEP 1 successfully. 

And also, without HIA’s PIA, it is very difficult to execute Alberta Netcare PIA.

Thus, our compliance experts suggest carrying out full-scale PIA.  

STEP 3: pORA

pORA (Provincial Organizational Readiness Assessment) is the tool used by Alberta Health to validate whether you meet minimum security standards - before getting access to Alberta EHR. 

It is the core requirement. It generally evaluates your technical, administrative and physical security controls. 

Here is the complete pORA process till approval. 

  • eHealth Netcare Support Services team assigns an eHealth consultant for you who provides you with an assessment form or pORA form. 
  • You have to fill the required section by answering several questions. 
  • On behalf of you, the eHealth consultant submits your filled pORA form to the Security Team of the HIA Policy, Privacy and Security Unit of Alberta Health for review and approval. 
  • Once Alberta Health approves the pORA, you are asked to sign pORA. 
  • The Security Manager as the Alberta Health security authority also signs the pORA. Now, you’re approved by Alberta Health. 

STEP 4: Sign IMA (Information Management Agreement) 

IMA is nothing but the legal agreement between you and Alberta Health regarding your access to Alberta Netcare. 

The agreement includes terms, conditions and restrictions under which Alberta Netcare access is granted. 

You now have access. An experienced healthcare-specific IT company can now integrate Alberta Netcare EHR to your app/website/software or system. 

We can brilliantly help you with HIA, PIA, pORA and Technical Implementation of Alberta Netcare EHR 

We’re Ontario-based professional compliance and IT experts. We have been serving the Canadian healthcare industry for more than 7 years. 

Our CEO himself leads the team of our in-house compliance experts. 

We have proven mastership in all federal and provincial healthcare laws. 

You can check out our case study which talks about the way we eliminated 47 security risks out of a mobile app and made it a HIPAA compliant app.   

We can help you to be compliant with HIA, carry out PIA,  carry out pORA and integrate Alberta Netcare EHR into your system. 

We also have the expertise to integrate many other EHRs including TELUS Health EHR, PointClickCare EHR and many other similar ones. 

Just share your requirements with us. Our one of the executives will get back to you with the complete roadmap and free compliance consultation.