What is the Health Information Act and how does it affect Edmonton clinics?

Alberta's Health Information Act (HIA) governs how health information is collected, used, and disclosed by health custodians and their affiliates. For Edmonton medical and dental clinics, this means your IT systems — including your EMR, email, file storage, and backup — must be designed to protect patient health information. Access must be restricted to authorized custodians, and you must be able to demonstrate compliance if audited by the Office of the Information and Privacy Commissioner.

Do you integrate with Accuro, Wolf, and other EMR systems used in Edmonton?

Yes. We support the EMR and practice management platforms commonly used by Edmonton medical clinics, including Accuro, Wolf EMR, Oscar, and Telus Health. We integrate these systems with your Microsoft 365 environment and manage authentication so your clinical software is covered by the same MFA and access controls as your other systems — without creating separate security gaps.

Can you help our clinic satisfy AHS supplier security requirements?

Yes. Organizations that provide services to Alberta Health Services or operate within AHS-affiliated networks face security questionnaires and supplier compliance requirements. We align your access controls, logging, backup architecture, and documentation with AHS supplier expectations and maintain a controls register your team can produce when security questionnaires arrive.

How do you handle device security for clinical staff?

We manage devices for Edmonton healthcare organizations with Intune. Every device accessing patient health information is encrypted, covered by MFA, and enrolled in mobile device management so we can remotely wipe a lost or stolen device immediately. We also manage personal device access through Conditional Access policies that enforce security requirements without requiring full MDM enrollment on staff's personal phones.

What does onboarding look like for an Edmonton healthcare clinic?

We complete clinic onboarding in under two weeks without disrupting clinical operations. We schedule technical work around your clinical schedule — not the other way around. Week one covers the IT assessment and HIA gap analysis. Week two covers MFA rollout, device management, backup deployment, and helpdesk transition. Your staff gets a point of contact who understands clinical workflows.

Edmonton Healthcare IT

Managed IT for Edmonton healthcare clinics — HIA compliance, EMR integration, and clinical uptime

Health Information Act-aligned security. MFA on every clinical account. EMR integration with Accuro, Wolf, and Oscar. A helpdesk that schedules around your clinical day, not theirs.

Book a Free IT Assessment 1 (800) 566-4188

The healthcare IT challenge in Edmonton

Alberta’s Health Information Act sets specific IT requirements — most MSPs don’t know them

HIA

Health Information Act — governs every Edmonton clinic’s data handling obligations

AHS

Alberta Health Services supplier compliance requirements for vendors and affiliates

OIPC

Office of the Information and Privacy Commissioner — investigation authority for breaches

Alberta’s Health Information Act is the provincial law governing how health custodians — physicians, dentists, pharmacists, chiropractors, and the organizations that support them — collect, use, and disclose patient health information. Unlike PIPEDA or BC PIPA, HIA applies specifically to health information and sets higher standards for consent, access controls, breach notification, and retention.

For Edmonton medical and dental clinics, this means your IT infrastructure has to meet specific requirements: access must be restricted to authorized custodians, patient health information must be encrypted in transit and at rest, you need audit logs documenting who accessed records and when, and if a breach occurs, you have specific notification obligations to patients and the OIPC.

Most general managed IT providers know PIPEDA. Very few understand HIA, how it applies to clinic IT environments, and what a proper HIA-aligned IT setup actually looks like. We do.

What we deliver for Edmonton healthcare

Clinical IT built for uptime, compliance, and staff who don’t have time for IT problems

HIA-aligned access controls

Role-based access so clinical staff see only the patient records relevant to their role. Physicians, nurses, medical office assistants, and billing staff each have access scoped to their custodian role. Every access is logged. We design these controls around your clinic’s specific workflows — not a generic template.

EMR and clinical software integration

We support Accuro, Wolf EMR, Oscar, Telus Health, and other platforms used by Edmonton clinics. We integrate your EMR with Microsoft 365 authentication, manage software updates around clinical schedules, and ensure that your EMR vendor’s security requirements are met without conflicting with your other IT controls.

MFA on every clinical account

Multi-factor authentication enforced on every account that can access patient health information — Microsoft 365, EMR, remote access, and any cloud-hosted clinical application. We configure MFA to be as low-friction as possible for clinical staff while being cryptographically enforced. A stolen password alone cannot expose patient records.

Encrypted devices and mobile management

Every device that accesses patient health information is enrolled in device management with full-disk encryption. If a laptop or tablet is lost or stolen, we can remotely wipe it immediately. For staff accessing systems on personal phones, we use Conditional Access policies that enforce encryption and MFA without requiring full MDM enrollment on personal devices.

Clinical backup and recovery

Backup systems designed around clinical recovery requirements. EMR data, patient records, and financial data backed up daily with tested recovery procedures. Recovery time objectives defined in advance — so if something goes wrong, recovery is a process, not a scramble. Backups are immutable and stored separately from your live environment so ransomware can’t reach them.

AHS supplier compliance documentation

Organizations providing services to Alberta Health Services face supplier security questionnaires that ask about your IT controls in detail. We maintain a controls register for Edmonton healthcare clients that documents MFA status, encryption, backup procedures, incident response, and access controls in a format designed for AHS supplier review. When the questionnaire arrives, your team can answer it accurately and quickly.

What we hear from Edmonton clinics

If any of this sounds familiar, it’s time to talk

“Our IT company set up our EMR but we’re not confident they understand HIA requirements.”

“AHS sent us a supplier security questionnaire and we don’t have answers for most of the questions.”

“We had a staff member leave and we’re not sure their access to patient records was fully removed.”

“Our EMR goes down at the worst times and our IT company takes hours to respond.”

“We don’t have MFA enabled because our last IT provider said it would be too complicated for clinical staff.”

“We’ve never tested a backup restore. We assume it works but we’ve never actually verified.”

What clients say

Edmonton healthcare organizations trust IT Works MSP

★★★★★

“Their helpdesk is responsive and understands our clinical environment. Not some distant call centre reading a script.”

Healthcare clinic

Edmonton — Google Review

★★★★★

“Within the first month, they identified three security gaps we didn’t know we had. Everything is now documented and we know who owns what.”

Medical practice

Edmonton — Google Review

Edmonton healthcare IT questions

Common questions from Edmonton clinics

What is the Health Information Act and how does it affect our clinic?

Alberta’s Health Information Act (HIA) governs how health custodians collect, use, and disclose patient health information. For Edmonton clinics, this means your IT systems must restrict access to authorized custodians, encrypt patient health information, maintain audit logs of who accessed records, and support breach notification to the OIPC if a breach occurs. Most general MSPs know PIPEDA. HIA is different and more specific. We design clinic IT environments around HIA requirements from the start.

Do you integrate with Accuro, Wolf, and other Edmonton EMR systems?

Yes. We support Accuro, Wolf EMR, Oscar, Telus Health, and other platforms used by Edmonton medical and dental clinics. We integrate your EMR with Microsoft 365 authentication and device management, manage software updates around your clinical schedule, and ensure that your EMR’s security requirements are met without conflicting with your other IT controls.

Can you help us satisfy AHS supplier security requirements?

Yes. Organizations working with Alberta Health Services face supplier security questionnaires that ask detailed questions about your IT controls: MFA, encryption, access management, incident response, and data handling. We align your IT environment with AHS supplier expectations and maintain documentation your team can produce when the questionnaire arrives.

Won’t MFA slow down clinical staff between patients?

This is the most common concern we hear from clinical managers. In practice, once staff have the Microsoft Authenticator app configured, the additional step takes about three seconds per login. We configure session persistence so staff don’t re-authenticate every time they access the EMR during a shift — only when they return from a break or change devices. We also pre-register devices so trusted clinic computers require less frequent re-authentication. The friction is minimal; the security benefit is significant.

How do you handle onboarding and offboarding clinical staff?

New staff get access to exactly the systems their role requires — nothing more — within hours of their start date. When a staff member leaves, all access is terminated immediately: Microsoft 365, EMR, email, remote access, and any connected devices. We provide a documented offboarding report within 24 hours. This is particularly important in healthcare, where lingering access to patient health information creates real HIA liability.

How quickly can you onboard an Edmonton healthcare clinic?

We complete clinical onboarding in under two weeks without disrupting patient care. We schedule all technical work around your clinic hours — updates, configurations, and transitions happen outside clinical time. Week one: IT assessment, HIA gap analysis, and EMR integration review. Week two: MFA rollout, device management, backup deployment, and helpdesk transition. Your staff gets a dedicated contact who understands clinical workflows.

IT resources for Edmonton healthcare organizations

🏘️

Managed IT Services Edmonton

Full-service managed IT for Edmonton businesses across all sectors

🛡️

Cybersecurity Services

EDR, MFA, email security, and 24/7 monitoring for healthcare environments

💾

Backup & Disaster Recovery

Clinical data backup with tested recovery procedures and defined RTOs

Ready to get HIA-compliant IT for your Edmonton clinic?

Book a free assessment and get a clear picture of your current HIA compliance gaps, EMR security posture, and what AHS supplier compliance actually requires.

Book Your Free Assessment