Locate a Hospital or Clinic 24 hour a day, 7 day a week nurse telephone advice Find doctor accepting new patients
Information and Privacy Security Page

Privacy Office

Privacy Home

 Contacts Security Forms / Policies Archives and Information Management
 
Information Security

How do I report an information security breach?
What are some guidelines for protecting health information and corporate information?

What is an information security breach or violation?

An information security breach means an occurrence where sensitive information has been compromised, whether deliberately or accidentally. An information security violation means a particular incident or system-wide condition that violates information security policy but does not necessarily result in an information security breach.

The Calgary Health Region’s revised  Information Security Policy  requires that all potential information security breaches and violations be reported to Information and Privacy. The policy defines three severity levels for breaches and violations and sets specific timelines for reporting these breaches and violations.

How do I report a breach or violation?
Phone the Information and Privacy Office at (403) 943-0424 and ask to speak to the Information Security Analyst.
You will be asked to provide all information relevant to the information security breach, including the names of any employees, patients and other persons involved. Information and Privacy is authorized to collect such information by the Calgary Health Region’s Delegation of Duties, Powers and Functions for Compliance with FOIP Act Policy.
In cases where personal information has been misdirected via fax or another medium, retrieve the misdirected information from the erroneous recipient and contact the Information and Privacy Office immediately.

TOP

Best Information Handling Practices for Employees
Purpose specification. The purpose for collecting personal information should be specified at the time of collection. Further uses should be limited to those purposes.
Collection limitation. The collection of personal information should be obtained by lawful and fair means and with the knowledge and consent of the subject. Only that information necessary for the stated purpose should be collected, nothing more.
Use limitation. Personal information should not be disclosed for secondary purposes without the consent of the subject or by authority of law.
Quality. Personal information should be accurate, complete and timely, and be relevant to the purposes for which it is to be used.
Security. Personal information should be protected by reasonable security safeguards against such risks as loss, unauthorized access, destruction, use, modification or disclosure. Access to personal information should be limited to only those within the organization with a specific need to see it.

TOP

This website is a practical guide to Information and Privacy practices within the Calgary Health Region. It is based on the Information and Privacy policies of Calgary Health Region and the Information and Privacy legislation of Alberta. 

The website is NOT a substitute for legal or policy advice.  Always refer to the specific Calgary Health Region Information and Privacy policies or contact  the Information and Privacy Office for specific issues.

  Privacy/Disclaimer | Regional Policies | Optimized Viewing | Contact