Template

Alberta HIA privacy impact assessment addendum (Google Workspace)

Updated June 12, 2026

What this addendum is

This addendum is an Alberta-specific supplement to a base privacy impact assessment (PIA). It extends the PHIPA PIA template (E-07) with the additional content the Office of the Information and Privacy Commissioner of Alberta (OIPC Alberta) expects when an Alberta custodian deploys Google Workspace for client email.

Use it if the practice deploying Google Workspace is an Alberta health information custodian under the Health Information Act (HIA): a listed entity or a profession designated in the Health Information Regulation (physicians, registered nurses, pharmacists, dentists and others). Psychologists and counselling therapists in private practice are not designated custodians; their statute is Alberta PIPA, which requires no PIA submission. If that’s you, this addendum still works as voluntary documentation of the same analysis, and it becomes mandatory territory when you work inside a custodian organization.

Under HIA s.64, custodians must prepare a PIA and submit it to the Commissioner before implementing new information systems that handle health information, or before changing existing ones (s.64(2)). The Commissioner’s comments aren’t a precondition to go live; since October 2024 a review ends in a closing letter. For the current OIPC Alberta submission process and required forms, refer to OIPC Alberta directly at oipc.ab.ca; the Alberta government’s HIA overview is at alberta.ca/health-information-act.

Keep your base PIA (E-07 or your own) as the foundation. Attach this addendum to address Alberta-specific obligations.


Template body

Copy the sections below into your PIA addendum document. Replace bracketed placeholders with your practice’s information.

Section A. System under assessment

System: Google Workspace (Gmail, Drive, Calendar) operated by Google LLC, with the Curio encryption and audit layer applied to outbound email.

Custodian: [Practice or practitioner name], a health information custodian under HIA s.1(1)(f).

Information managers (HIA s.66): Google LLC (Workspace services); Gabriel Borges, operating as Curio (email encryption, audit trail, routing).

Purpose: Client communications, scheduling, and administrative records related to mental health services.

Section B. HIA designation and information manager agreement

The custodian retains accountability for all health information handled in Google Workspace, as HIA requires of custodians using information managers. Written information manager agreements are in place with each information manager per HIA s.66, with the contents required by Health Information Regulation s.7.2, and contractual terms covering permitted purposes, security measures, use and disclosure restrictions, audit obligations, and return or destruction on termination. Breach notice duties flow from HIA s.60.1.

Section C. Data flow

Outbound client email is processed by Curio’s encryption and audit layer (encryption logic, audit trail entries, portal fallback for unverified recipients) on Canadian-hosted infrastructure in Montreal and Toronto.

Gmail message content (message bodies and attachments) is stored on Google’s global infrastructure. Google does not offer a Canadian-only data region for Gmail message content; certain Workspace data can be regionalized, but Gmail message bodies cannot be confined to Canada at this time. See Google’s data regions for Workspace documentation for current scope.

This data flow is disclosed transparently. The custodian has applied the safeguards in Sections D and E to bring residual risk within HIA tolerances.

Section D. HIA security safeguards mapping

HIA obligation | Safeguard applied
Encryption in transit | TLS enforced on all outbound mail; portal fallback when TLS cannot be verified
Encryption at rest | Google Workspace at-rest encryption; Curio audit trail encrypted at rest on GCP northamerica-northeast1 and northamerica-northeast2
Access controls | 2-step verification enforced; admin console role separation; least privilege
Audit trail | Every Curio email send logged with timestamp, recipient and encryption mode; audit entry hosted in Canada
Accuracy of records | Audit trail provides verifiable record of who sent what, when, and how it was protected
Backup and continuity | Google Workspace native backup; export procedures documented for custodian custody

Section E. Alberta-specific risk assessment

Risk | Mitigation
AI processing of PHI | No third-party AI model is trained on PHI in this deployment. HIA is silent on AI specifically; CAP’s Use of Technology guideline (2024) advises against providing patient data to AI tools, and this deployment disables vendor features that would do so.
Gmail message content on US infrastructure | Disclosed transparently in Section C. Mitigations: TLS in transit, recipient verification, portal fallback for unverified recipients, custodian-controlled retention.
Breach detection and notification | A breach carrying a risk of harm to an individual (HIA s.60.1(2), factors in Health Information Regulation s.8.2) is reported to OIPC Alberta, the Minister of Health, and affected individuals as soon as practicable. Audit trail supports timely detection.
Cross-provincial client data | Where a client lives outside Alberta, the higher of the two applicable provincial standards is applied.

Section F. Retention and destruction

The College of Alberta Psychologists Standards of Practice require retention for at least 10 years after the last date a professional service was provided; for minors, 2 years past the age of majority or 10 years after the last professional service, whichever is longer. Other Alberta-regulated professions have comparable obligations. Email and attachments forming part of the clinical record are kept for that minimum and then securely destroyed, with destruction logged in the audit trail.

Section G. Information manager agreement clauses (HIA s.66)

Each information manager agreement attached to this PIA carries the contents required by Health Information Regulation s.7.2 and, as contractual good practice: permitted purposes of use, required security measures (encryption at rest, in transit, access logging), restrictions on disclosure, breach reporting timelines to the custodian (the statutory notice duty sits in HIA s.60.1), subcontracting limits and approval, and return or destruction of PHI on termination.

Section H. Submission to OIPC Alberta

Submitted to OIPC Alberta under HIA s.64 with the base PIA. Refer to OIPC Alberta at oipc.ab.ca for the current submission process and required forms; verify the active submission portal URL at time of submission, as it has changed between site refreshes. The Alberta government HIA overview is at alberta.ca/health-information-act.


How to use this addendum

Pair it with your base PIA. Walk through each section, fill in the bracketed placeholders, and attach your information manager agreements as appendices. If your deployment differs from Section C, edit Section C to match.

For help operationalizing Sections D and E, get in touch. Curio handles the encryption, audit trail, and Canadian-hosted compliance infrastructure this template references. The PIA still belongs to you.



Disclaimer: This template is for informational purposes only and does not constitute legal advice. Privacy regulations vary by province and are subject to change. Verify current requirements with OIPC Alberta and your regulatory college before submission.
