A Privacy Impact Assessment (PIA)2023-06-13T10:54:15+10:00
Staff Extranet / Wellness / Manager Milestone Micro Skills / A Privacy Impact Assessment (PIA)

What is: A Privacy Impact Assessment (PIA)

A Privacy Impact Assessment (PIA) captures privacy risks and helps design your project in a way that is respectful of privacy and confidentiality. Complete a PIA when changing a work process or implementing new software.

Contents

    Why is this important and what’s my role in this?

    Metro North Health must comply with the:

    • Information Privacy Act 2009 (Qld)
    • National Privacy Principles
    • confidentiality requirements of the Hospital and Health Boards Act 2011 (Qld).

    A PIA is a tool to check this compliance.

    A PIA is needed when your work process or software includes the capture or use of personal information or confidential patient information.

    What do I need to do?

    You should not be starting to consider privacy at the end stage of a project. Privacy and confidentiality obligations should be considered at the beginning of any project.  This allows privacy issues to be built into the project from the beginning, and for privacy to be proactively managed. A PIA ensures that privacy is considered early on.

    PIAs are normally a group effort. The project team should:

    • describe the project
    • map the personal information flow
    • prepare the first draft of the document.

    Specialist advice and input should be looked for from relevant privacy contacts and consultation with key stakeholders such as:

    • legal
    • procurement
    • cyber security
    • relevant clinical areas

    The Process

    The PIA process can be used:

    • alongside existing project management and risk management tools or
    • as separate and independent process

    The amount of detail in a PIA depends on the scale and complexity of the project. For straightforward projects, the PIA process can be quite simple, and the PIA report may only be a couple of pages. Complex projects will be a more formal and intensive exercise and may require re-visiting and updating if things change on the project.

    The level of detail in a PIA will be influenced by:

    • The nature of the personal information involved in the project
    • Whether new or innovative technology will be used to collect or store the information
    • Whether the project involves data-matching
    • Whether information will be shared with another agency or contract
    • The likely community and/or media interest in the project.

    Accessing the PIA template

    The PIA template is available from relevant privacy contacts.

    Related Micro Skills

    Training programs

    Essential Contacts

    MNHHS: Director, Health Information Policy Access and Coordination

    Ph:                   (07) 3647 9753

    Email:             privacymetronorth@health.qld.gov.au

    RBWH: Manager, Information Access Unit

    Ph:                   (07) 3646 7423

    Email:               IAU-RBWH@health.qld.gov.au

    TPCH: Director, Health Information Services

    Ph:                   (07) 3139 4288

    Email:               IAU-TPCH@health.qld.gov.au

    Caboolture-Kilcoy: Director, Health Information Services

    Ph:                   (07) 5316 3943

    Email:               Cab-HIS-IAU@health.qld.gov.au

    Redcliffe: Director, Health Information Services

    Ph:                   (07) 3883 7029

    Email:               CIA-Redcliffe@health.qld.gov.au

    STARS: Director Health Information Services

    Ph:                   (07) 3647 6009

    Email:               Megan.Wallace@health.qld.gov.au

     

    Values in Action

    Updated: June 2023

    Last updated 13 June 2023
    © The State of Queensland (Metro North Health) 2024

    Back to top