For the privacy and security of health information in British Columbia, private practitioners must follow the Personal Information Protection Act (PIPA). This is BC’s private sector privacy law, and has been deemed “substantially similar” to PIPEDA. PIPA sets the rules for the collection, use and disclosure of personal information and personal employee information by private sector organizations in British Columbia.
Owl and PIPAIndividuals have a number of rights under PIPA - here are some relevant to Owl:
The right to request access to your personal health information: Extensive export options make exporting Client information out of Owl simple and easy. Notes can be exported from the Client profile, all financial and Client data can be exported and individual historical receipts and invoices can also be downloaded. Exports of secure messages are not currently possible, but Clients already have access to this information through their Client Portal.
PIPA requires organizations to take reasonable security measures against unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction of information. Here are some of the safeguards they suggest, and how they relate to Owl:
- technological security, such as password protection and encryption on computers and mobile devices: Owl helps practices achieve this security through our own security measures. At Owl, we use bank-level encryption (SSL) to encrypt all data that moves between our secure and dedicated servers and the device and browser on which a clinician accesses their Owl Practice account. Data that is encrypted between our secure and dedicated servers and the device and browser on which a clinician accessing their Owl account is done using SHA256 with RSA. We continuously test our systems to ensure all of our encryption layers have the most up-to-date patches for any vulnerabilities that surface over time (example: Heartbleed/CVE-2014-0160).
Other LegislationOther acts that may be potentially relevant to clinics in British Columbia are:
- The Freedom of Information and Protection of Privacy Act, British Columbia’s public sector privacy law;
- The E-Health (Personal Health Information Access and Protection of Privacy) Act, British Columbia’s privacy law relating to health records.