2    Ensure your privacy policies are up-to-date, reflecting your current systems, practices, and privacy and security management. 

Note: Contact your health professional college/association to obtain a model policy set that you can customize.

3    Individualize and submit the OIPC ANP PIA Custodian Cover Letter template and your HIA Policies to the OIPC.

Note: send your PIA via courier and request a signed receipt or email your PIA to the OIPC at pia@oipc.ab.ca. Both options provide proof that your PIA has been submitted.

4    Email eHealth Services Provider Support at eHealthPrivacy@gov.ab.ca to confirm your ANP PIA has been submitted to the OIPC. Attach a scan of your signed cover letter.

5    When you receive a PIA acceptance letter from the OIPC, provide a scanned copy via email to eHealth Services Provider Support at eHealthPrivacy@gov.ab.ca.

Note: ongoing ANP access is contingent on OIPC acceptance of your PIA. The eHealth Services team will follow up with you if we do not receive a copy of your PIA acceptance letter within 8 months.

•    The PIA is an important document outlining the process undertaken to ensure the protection of patients' personal health information. It serves as a due diligence tool for identifying and addressing privacy risks within a practice or information system.
•    Under the Health Information Act (HIA), custodians have a duty to prepare and submit a PIA to the Information and Privacy Commissioner before implementing new systems.

Alberta Health has established an Expedited PIA process for custodians that participate in ANP.
 

2    Once Alberta Health agrees that the responses meet appropriate security standards, the custodian from your facility signs the pORA. The Alberta Health Security Manager will also sign the pORA, acknowledging that the custodian has met the minimum-security standards, allowing them to proceed with the next step in gaining access to the ANP. 

Note: The pORA is applicable to community facilities only. Alberta Health Services (AHS) has completed a verification of security requirements, exempting AHS facilities from the pORA completion.

•    The pORA serves as a risk assessment for custodians seeking access to ANP and other provincial systems while operating in a community facility. 
•    Under the Health Information Act (HIA), custodians are responsible for safeguarding the medical records and other health information they collect, use, and disclose.
For questions, refer to pORA FAQs or contact the HIA Help Desk at 780-427-8089, or hiahelpdesk@gov.ab.ca.
 

1. Your eHealth Consultant will provide you with a copy of an IMA and IEP. Before gaining access to ANP, the custodian(s) must sign, date, and mail the original signed IMA to Alberta Health, agreeing to abide by the rules of the IEP.  

Learn more about the IMA by reading the IMA/IEP factsheet.

1. The IEP establishes specific rules for users accessing information through the Electronic Health Record (EHR). The custodian(s) of the facilities must read and fully understand these rules, making sure everyone at their facility understands and follows them. The rules in the IEP expand upon the obligations in the Health Information Act (HIA).

Learn more about the HIA and the responsibilities of information custodians.

The Netcare AA manages ANP user accounts. Assigns permission levels and disables access when a staff member leaves.

An RSA SecurID token is required to log into ANP and is included in the access request. Netcare AAs using the Alberta Health Services (AHS) Identity & Access Management (IAM) application to manage access will also need a token. This token is the same for logging into both ANP and AHS IAM applications.