# Privacy impact assessment worksheet (custodian-facing inputs)

**Project name:**  
**Custodian:**  
**Author:**  
**Date:**  
**Not legal advice** — submit to the custodian privacy office for formal review.

## 1. Summary

- Business objective:
- Health information involved (identifiable / pseudonymous / de-identified):

## 2. Data flows

| Step | Data elements | System | Location | Legal basis / authority |
|------|---------------|--------|----------|-------------------------|
| | | | | |

## 3. Collection, use, disclosure

- Collection method and notice to individuals (if applicable):
- Primary uses:
- Secondary uses (analytics, AI training) and segregation:
- Disclosures (including vendors and subprocessors):

## 4. Safeguards

- Access control; MFA; encryption:
- Logging and audit:
- Retention and secure destruction:
- Cross-border and failover regions:

## 5. Risks and mitigations

| Risk | Likelihood | Impact | Mitigation | Residual risk |
|------|------------|--------|------------|---------------|
| | | | | |

## 6. Incident readiness

- Notification paths (internal, custodian, OIPC if required):
- Tabletop date:

## 7. Approvals

- Privacy office sign-off (when obtained):
- Clinical / IT security review: