NL Centre for Health Information Full PIA Report Template v2.2 2013-01-03 FINAL

Update cover page and header.

Preamble

A Privacy Impact Assessment (PIA) is an assessment tool used to evaluate the impact on privacy that results from change to a system, environment, or process; for example, such change might take the form of a revised policy, a software upgrade, or the introduction of new technology. A PIA is conducted by considering the system, environment, or process in the context of privacy principles, best practices, codes of conduct, legislation, and relevant directives.

The following sections constitute a template that has been created to support the writing of full PIA reports by the Centre. The Centre also maintains a template for “short form” PIAs, the results of which may lead to the need for a full PIA report.

This section should be removed from the final PIA report, as well as the table of contents.

Executive Summary

Brief commentary to summarize PIA.

  • Introduce subject
  • Timeframe/Scope
  • Other relevant points
  • Conclusion

List risks identified through PIA.

Privacy Risk 1: The possible locations of personal information in the System are not well understood. (Risk Level: High)

Proposed Strategy

Mitigate by ….

Privacy Risk 2: Personal information is being retained in the System for longer than it needs to be retained. (Moderate)

Proposed Strategy

Accept the risk.

Table of Contents

Preamble
Executive Summary
1 Introduction
  1.1 What is a Privacy Impact Assessment?
  1.2 About this Privacy Impact Assessment
    1.2.1 Timeline
    1.2.2 Scope
    1.2.3 Methodology
2 General Description
  2.1 Uses
  2.2 Support Tiers
  2.3 Lifecycle
  2.4 Users and Roles
  2.5 Personal Information
  2.6 Architecture
3 Privacy Analysis
  3.1 Accountability
  3.2 Identifying Purpose
  3.3 Consent
  3.4 Limiting Collection
  3.5 Limiting Use, Disclosure, and Retention
  3.6 Accuracy and Integrity
  3.7 Security Safeguards
  3.8 Openness
  3.9 Individual Access
  3.10 Challenging Compliance
4 Risks and Recommendations
5 Conclusion
Appendix A Risk Assessment Methodology
Appendix B Sources of Information
Appendix C Additional appendices

1 Introduction

The Centre for Health Information (the “Centre”) provides quality information to health professionals, the public, researchers, and health system decision-makers. Through collaboration with the health system, the Centre supports the development of data and technical standards, maintains key health databases, prepares and distributes health reports and supports and carries out applied health research and benefits evaluations. The Centre's mandate also includes the development and implementation of a confidential and secure provincial Electronic Health Record, including the change management required to support adoption by end user clinicians.

A line or two to describe subject of PIA. This report presents the results of a Privacy Impact Assessment conducted on the subject.

1.1 What is a Privacy Impact Assessment?

A Privacy Impact Assessment (PIA) is an assessment tool used to evaluate the impact on privacy that results from change to a system, environment, or process; for example, such change might take the form of a revised policy, a software upgrade, or the introduction of new technology. A PIA is conducted by considering the system, environment, or process in the context of privacy principles, best practices, codes of conduct, legislation, and relevant directives.

PIAs serve to inform relevant stakeholders and decision-makers on privacy considerations pertaining to the system, environment, or process; as such, PIAs should be timed so as to allow the findings of the assessment to factor into decision-making processes.

PIAs are “living” documents that should be revisited whenever there is further change to the system, environment, or process.

1.2 About this Privacy Impact Assessment

1.2.1 Timeline

The PIA was conducted between [insert dates].

1.2.2 Scope

Describe scope.

1.2.3 Methodology

Add relevant commentary about methodology.

Sources of information that supported this PIA can be found in Sources of Information.

2 General Description

Brief introduction to subject.

The subheadings found in this section are flexible: use whatever is required to provide sufficient context to perform a privacy analysis. Possible subheadings might include:

  • Uses of system
  • User accounts/roles
  • User registration
  • Personal Information sources
  • Data flows
  • Information Lifecycles
  • Architecture
  • Known Safeguards
  • Existing risk documentation
  • Support models
  • Collections, uses, and disclosures

2.1 Uses

2.2 Support Tiers

2.3 Lifecycle

2.4 Users and Roles

2.5 Personal Information

2.6 Architecture

3 Privacy Analysis

The privacy analysis conducted as part of this PIA is centered on the principles of the Canadian Standards Association Model Code for the Protection of Personal Information (“Model Code”), which forms the basis for the Centre’s privacy program.

In addition to the principles found in the Model Code, the analysis will consider all applicable legislation, codes of conduct, best practice, and directives. Specifically, the analysis will consider [mention any specific legislation/codes (and whether or not they align with the Model Code)].

The focus of the analysis should be on the privacy principles found in the Model Code, not legislation (discussion of specific legislative considerations should be woven through the analysis of the principles).

3.1 Accountability

An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance [with the principles of the Model Code].[1]

Insert analysis on the principle.

3.2 Identifying Purpose

The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.[2]

Insert analysis on the principle.

3.3 Consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.[3]

Insert analysis on the principle.

3.4 Limiting Collection

The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.[4]

Insert analysis on the principle.

3.5 Limiting Use, Disclosure, and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.[5]

Insert analysis on the principle.

3.6 Accuracy and Integrity

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.[6]

Insert analysis on the principle.

3.7 Security Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.[7]

Insert analysis on the principle, with specific attention to any security documentation, such as Threat Risk Assessments and Vulnerability Assessments.

3.8 Openness

An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.[8]

Insert analysis on the principle.

3.9 Individual Access

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.[9]

Insert analysis on the principle.

3.10 Challenging Compliance

An individual shall be able to address a challenge concerning compliance [with the principles of the Model Code] to the designated individual or individuals accountable for the organization's compliance.[10]

Insert analysis on the principle.

4 Risks and Recommendations

The Centre has not developed a risk management process explicitly for subject, but has established an information protection risk management process for the entire organization which is integrated into the Centre’s Enterprise Risk Management activities. For details on the Centre’s risk assessment methodology, see Risk Assessment Methodology.

There were [insert number] risks identified through the PIA.

Insert risks that have been identified

Privacy Risk 1: The possible locations of personal information in the System are not well understood.

Brief explanation of risk.

Evaluation

  • Likelihood: Likely (4)
      • List factors that contribute to scoring.
  • Impact: Major (4)
      • List factors that contribute to scoring.
  • Risk Level: High (16)
  • Additional Notes:
      • List any additional context that might be of benefit.

Proposed Strategy

Briefly describe proposed strategy (mitigate by, accept…).

Privacy Risk 2: Personal information is being retained in the System for longer than it needs to be retained.

Brief explanation of risk.

Evaluation

  • Likelihood: Likely (4)
      • List factors that contribute to scoring.
  • Impact: Major (4)
      • List factors that contribute to scoring.
  • Risk Level: High (16)
  • Additional Notes:
      • List any additional context that might be of benefit.

Proposed Strategy

Briefly describe proposed strategy (mitigate by, accept…).

5 Conclusion

Brief conclusion.

Appendix A Risk Assessment Methodology

The Centre’s Risk Assessment approach rates both the likelihood of an adverse event and the impact of that event on a scale of one to five, as illustrated in Table 1 and Table 2. The overall score attributed to the risk of such an adverse event occurring is calculated as the product of the likelihood and impact ratings to produce a score and risk level, as illustrated in Table 3. Once risks have been identified and qualified, a decision must be made on how to manage the risk. Risks can be avoided, transferred, mitigated or accepted.

LIKELIHOOD of Event
Level / Descriptor
5 / Almost Certain
4 / Likely
3 / Possible
2 / Unlikely
1 / Rare

Table 1: Event Likelihood

IMPACT of Event
Level / Descriptor
5 / Catastrophic
4 / Major
3 / Moderate
2 / Minor
1 / Insignificant

Table 2: Event Impact

Overall Risk
Level / Descriptor
20+ / Extreme
11-19 / High
5-10 / Moderate
1-4 / Low

Table 3: Overall Risk

Appendix B Sources of Information

The following sources were consulted or used in conducting the Privacy Impact Assessment.

  • List sources

Some of the key informants for this PIA include the following.

  • List key informants

Appendix C Additional appendices

Insert additional appendices as required. Please use appendix styles for headers.

[1] Canadian Standards Association Model Code for the Protection of Personal Information

[2] Canadian Standards Association Model Code for the Protection of Personal Information

[3] Canadian Standards Association Model Code for the Protection of Personal Information

[4] Canadian Standards Association Model Code for the Protection of Personal Information

[5] Canadian Standards Association Model Code for the Protection of Personal Information

[6] Canadian Standards Association Model Code for the Protection of Personal Information

[7] Canadian Standards Association Model Code for the Protection of Personal Information

[8] Canadian Standards Association Model Code for the Protection of Personal Information

[9] Canadian Standards Association Model Code for the Protection of Personal Information

[10] Canadian Standards Association Model Code for the Protection of Personal Information