What is a Privacy Impact Assessment (PIA)?
In the context of AI tools used in family medicine, a PIA is used to determine how an AI tool could potentially affect the privacy of patients and the healthcare provider. PIAs formally identify privacy risks, ensure compliance with legal requirements, and help with mitigation measures. PIAs also help to avoid and mitigate potential risks or negative effects that may result from use of the AI tool.
For Pippen, the scope of this PIA includes both PIPEDA and PHIPA ON in order to ensure that our company supports family physicians’ accountability to their obligations as health information custodians. The PIA assesses our commitment to the 10 Fair Information Privacy Principles. The 10 Fair Information Privacy Principles are considered the “ground rules” for the collection, use and disclosure of personal information.
1. Accountability: An organization’s governance structure should ensure privacy is integrated into decision making. There should be clear mechanisms to implement privacy decisions effectively.
Pippen Compliance with the Accountability principle:
- Pippen’s Privacy Policy outlines the governance structure for handling personal information (PI) and personal health information (PHI)
- Accountability for privacy compliance is clearly defined
- Users can address concerns at team@pippen.ai
2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Pippen Compliance with the Identifying Purposes principle:
- Pippen identifies the purpose of collecting and using Personal Information (PI)/Personal Health Information (PHI) in our terms of service and privacy policy
- We ensure and value transparency regarding the use of information
3. Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.
Pippen Compliance with the Consent principle:
- Pippen relies on family physicians to capture the appropriate consent for the use of the platform
- The onboarding process ensures family physicians consent to this, the privacy policy, and the terms of service
- Users also must consent that they are a healthcare provider
- Users can withdraw consent, leading to a soft delete, as required by legal retention requirements (only legally compliant information will be kept after the soft delete)
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by Pippen. Information shall be collected by fair and lawful means.
Pippen Compliance with the Limiting Collection principle:
- We collect information that is necessary for account setup such as usernames, email addresses and passwords
- This information is only used for relevant purposes such as contacting customer service
- Pippen captures patient information when used for patient care
- Audio recordings are not kept after transcription
5. Limiting Use, Disclosure and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the family physician or as permitted or required by law. Personal information shall be retained only as necessary for the fulfillment of those purposes. Pippen should ensure information is accurate, complete, and up to date. Reasonable steps must be taken to protect personal information. Pippen should ensure it is safely stored, with no loss, theft, unauthorized access, disclosure, copying, use, or modification.
Pippen Compliance with the Limiting Use, Disclosure and Retention principle:
- PI is only used for relevant business operations, communications, and services
- Pippen limits the use of PHI as per relevant privacy laws and relies on the end-users for compliance as well
- Pippen retains information only as necessary (e.g., legally required retention periods)
- Pippen deletes audio files once transcripts are produced
6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Pippen Compliance with the Accuracy principle:
- Family physicians are responsible for verifying the accuracy of the outputs/transcripts provided by Pippen after the encounter
- Family physicians need to provide accurate information during their registration and should update this information as needed
7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. This may include physical safeguards, administrative safeguards, and technical safeguards. These should protect personal health information against loss, theft, unauthorized access, disclosure, copying, use, and modification.
Pippen Compliance with the Safeguards principle:
- Physical Safeguards: Data is stored virtually on the cloud service. This platform’s physical systems meet the requirements for physical safeguards.
- Administrative: Regular privacy and security assessments ensure compliance and help with risk mitigation.
- Technical: Our platform incorporates best practices and satisfies many standard practices for technical safeguards, such as management of TLS certificates, cloud architecture setup, and password strength tools. Multi-factor authentication is employed for enhanced security, and encryption safeguards data.
8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information. Transparency is central to privacy. Individuals have the right to understand how their personal information is collected, used, disclosed, and handled, and organizations must provide this information clearly and understandably.
Pippen Compliance with the Openness principle:
- Our privacy policy has detailed information regarding our privacy practices
- Pippen ensures transparency and ease of access to privacy information on our website
9. Individual access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Pippen Compliance with the Individual access principle:
- End-users can easily access and update their information and profiles
- There are standard password reset capabilities
- Users can request that their profile be deleted
10. Challenging Complaints: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual(s) accountable for the organization’s compliance.
Pippen Compliance with the Challenging Complaints principle:
- There is information on how to make inquiries or complaints in our Privacy Policy
- You can directly contact us at team@pippen.ai
Pippen is committed to protecting the confidentiality of information provided by its users. We maintain an information security initiative that has implemented administrative, technical, and physical safeguards to reasonably and appropriately ensure confidentiality, integrity, and availability of user information and personal health information. Please contact team@pippen.ai for any questions.
Contributed by: Mary Aglipay, Charlotte Chen, Privacy Consultants