Privacy and Security Policies for Custodians

These policies and procedures were developed to meet the legislative requirements set out by the Health Information Act (HIA, 2000) and regulations. The purpose of this document is to provide information and templates that will assist the College of Registered Nurses of Alberta’s (CRNA) registrants, as custodians of health information, to establish policies and procedures that will facilitate their compliance with Section 63 of the HIA. The HIA definitions are included in the Glossary.

The Health Information Regulation (2001) designates who are custodians under the HIA (2000). Registrants of the CRNA are designated as custodians unless they are affiliates. A custodian of health information must establish written policies and procedures relating to how they and their affiliates manage health information in their custody and control. These policies and procedures need to include a written record of the administrative, technical, and physical safeguards in place to protect the privacy and confidentiality of health information.

This guide provides information and templates for the use of registrants as custodians of health information when

•  developing policies and procedures for use in their practice setting;
•  when completing a privacy impact assessment (PIA) submission to the Office of the 
  Information and Privacy Commissioner (OIPC); and
•  when submitting a PIA for a request to access Alberta Netcare.

Registrants need to individualize and adapt the policies and procedures in this guide to reflect their own specific organizational privacy management procedures, and to use them as part of the PIA submission to the OIPC. If a registrant has any questions about the role of a custodian, please contact a CRNA policy and practice consultant at practice@nurses.ab.ca