Mandatory breach reporting is less than 1 week away!
In May of 2018, the province of Alberta approved new mandatory breach reporting amendments to the Health Information Regulation (HIR) and the Health Information Act (HIA). These new amendments will come into force on August 31, 2018.
What Has Been Added to the HIA?
The new amendments detail the reporting responsibilities of custodians and affiliates in the event of a loss, unauthorized access or disclosure of identifying health information.
As per the new rules, custodians must report the “loss of individually identifying health information or any unauthorized access to or disclosure of individually identifying health information in the custody or control of the custodian if there is a risk of harm to an individual as a result of the loss or unauthorized access or disclosure”
Affiliates must report any loss, unauthorized access or disclosure of identifying health information to their custodian.
If the custodian believes the breach has resulted in harm to the individual, the custodian, as soon as practicable is required to notify:
- The Commissioner
- The Minister
- The Individual
Offence Penalty Amendments
The new regulations also include new penalties for custodians and affiliates who:
- Fail to report a breach
- Fail to take “reasonable steps to maintain safeguards to protect health information, which includes administrative, technical and physical safeguards” (OIPC).
According to the OIPC of Alberta, a custodian or affiliate found guilty of one of the above offences can face a fine of up to $50,000.