Yukon Information and Privacy Commissioner
Yukon Information and Privacy Commissioner issues reminder to custodians about duty to audit
Tue, Aug 21, 2018
WHITEHORSE – The Information and Privacy Commissioner (IPC) for the Yukon, Diane McLeod-McKay, is taking steps to ensure that custodians under the Health Information Privacy and Management Act (HIPMA) remember their obligation to audit their security safeguards to protect personal health information in their custody or control.
The Health Information General Regulation [paragraph 14 (1)(c)] under HIPMA requires custodians to audit their security safeguards, including their information management practices and procedures. The audits must take place at least every two years, and the deadline for completing the first audit is the end of this month, August 31st. To assist custodians in meeting this obligation, the IPC has developed an audit tool that is available on her website.
“We designed a tool to help custodians easily identify the information management practices that they must audit under HIPMA,” said McLeod-McKay. “The tool walks them through the process of identifying how their policies and procedures measure up against the minimum standards in the legislation. It also helps them address any gaps within a specified period of time.”
In addition, the audit tool advises custodians to retain a copy of their audit, should they need to produce it as part of an investigation in the future.
Although HIPMA requires custodians to complete the audits, it does not require them to submit the completed audits to the Office of the IPC. However, they may do so voluntarily. McLeod-McKay will use the information in any audits that she receives to help her develop guidance for custodians seeking to improve their security safeguards.
In addition to issuing this news release, the Office of the IPC will be notifying custodians about their duty to audit using direct and other forms of communication. Custodians are encouraged to contact the Office of the IPC with any questions or feedback about the tool.
The HIPMA Audit Tool can be found on the IPC’s website here.
For more information contact:
Diane McLeod-McKay, B.A., J.D.
Yukon Information and Privacy Commissioner
867-667-8468