Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 98 Section 23.1 of LA FOIP requires local authorities to have written policies and procedures that cover three areas: administrative, technical, and physical safeguards. All three are addressed below in more detail. Administrative Administrative safeguards are controls that focus on internal organization, policies, procedures, and maintenance of security measures that protect personal information. Examples include written policies and procedures, annual training for employees, confidentiality agreements, agreements with information management service providers, auditing programs, records retention and destruction schedules and access restrictions.269 Administrative safeguards should include, but are not limited to, having:270 1. A designated privacy officer Identify an individual in your practice who will be responsible for implementing privacy policies and procedures, managing privacy breaches and being the contact for privacy inquiries and complaints.271 2. A privacy policy Develop a privacy policy based on the requirements of LA FOIP as it pertains to collecting, using, and disclosing personal information, including consent requirements, individual access to information and correction and security safeguards.272 269 SK OIPC resource, Helpful Tips: Mobile Device Security at p. 2. 270 SK OIPC Investigation Report H-2011-001 at [115]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 9. 271 SK OIPC Investigation Report H-2011-001 at [102]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8. 272 SK OIPC Investigation Report H-2011-001 at [113]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8.
RkJQdWJsaXNoZXIy MTgwMjYzOA==