Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 91 Administrative Administrative safeguards are controls that focus on internal organization, policies, procedures, and maintenance of security measures that protect personal information. Examples include written policies and procedures, annual training for employees, confidentiality agreements, agreements with information management service providers, auditing programs, records retention and destruction schedules and access restrictions.279 Administrative safeguards should include, but are not limited to, having:280 1. A designated privacy officer Identify an individual in your practice who will be responsible for implementing privacy policies and procedures, managing privacy breaches and being the contact for privacy inquiries and complaints.281 2. A privacy policy Develop a privacy policy based on the requirements of FOIP as it pertains to collecting, using, and disclosing personal information, including consent requirements, individual access to information and correction and security safeguards.282 Develop written policies. The primary objectives of privacy and security policies are to: • Prevent and detect malicious activities from occurring • Assist in understanding potential security exposures and risk • Educate, communicate, and promote security responsibilities to all stakeholders 279 SK OIPC resource, Helpful Tips: Mobile Device Security at p. 2. 280 SK OIPC Investigation Report H-2011-001 at [115]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 9. 281 SK OIPC Investigation Report H-2011-001 at [102]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8. 282 SK OIPC Investigation Report H-2011-001 at [113]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8.
RkJQdWJsaXNoZXIy MTgwMjYzOA==