The Personal Information Protection and Electronic Documents Act - PIPEDA
In Canada there are Privacy Laws that regulate how the sharing and storing of health records can occur. There are Federal Regulations for all of Canada and then Provincial regulations in all of the provinces. The Federal Laws are referred to as PIPEDA, which stands for The Personal Information Protection and Electronic Documents Act. It is important that you as an individual or your clinic is compliant with these regulations.
The law requires that:
- organizations must obtain an individuals consent when collecting, using, disclosing any individuals personal information.
- people have the right to see and access any personal information that is being held by an organization
- people have the right to challenge the accuracy of the personal information that is held by an organization.
- personal information can only be used for the purpose that it was collected for. If the organization wants to use if for a different purpose they must get consent again.
In this way personal information is protected and safe-guarded against misuse.
The goal of this webpage is have all the links to each province's regulations in one place for ease of access.
Provincial privacy laws which are similar to PIPEDA
Many of the provinces have adopted privacy legislation that is very similar to the Federal PIPEDA in their rules surrounding the collection, use or disclosure of personal information. British Columbia, Alberta, Ontario, Quebec, New Brunswick, Nova Scotia, Newfoundland and Labrador are adopted private-sector privacy laws that are very similar to PIPEDA. It is important that you check with your provincial regulatory bodies to confirm you are abiding by the privacy regulations in your region.
Organizations in Northwest Territories, Yukon and Nunavut are under the Federal PIPEDA regulations.
Information that crosses borders
Any businesses that has any personal information that is crossing any provincial or national borders are bound by the rules of PIPEDA.
Federally regulated organizations
All Federally regulated organizations that conduct business in Canada are always subject to PIPEDA. The Act also applies to their employees’ personal information.
What is personal information?
Personal information about a person is as follows:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
More information can be found at the PIPEDA website
British Columbia Privacy Laws
British Columbia follows the PIPA, BC Persononal Information Protection Act
You can also check with the Privacy Commissioner of BC
In Vancouver the phone number is 604-660-2421
Other areas of BC: 800-663-7867
Email: info@oipc.bc.ca
Alberta Privacy Laws
Alberta has the HIA - The Health Information Act.
As well clinics must complete a PIA - Privacy Impact Assessment
The Health Information Act states that the Privacy Impact Assessment must be submitted to the Office of the Information and Privacy Commissioner prior to implementing a new system or practice.
Clinics in Alberta can contact the OIPC through phone or email. More resources are available at the OIPC website.
Phone: 780-422-6860
Email: generalinfo@oipc.ab.ca
Saskatchewan Privacy Legislation
Saskatchewan health records are regulated by HIPA - Health Information Protection Act
Saskatchewan's Office of Information and Privacy Commissioner can be contacted by
Phone: 306-787-8350
Toll free: 877-748-2298
Email: webmaster@oipc.sk.ca
Manitoba Privacy Legislation
Manitoba Clinics and Health Care professionals follow the PHIA - The Personal Health Information Act
In Manitoba the Access and Privacy Division can be contracted through the Manitoba Ombudsman by
Phone: 204-982-9130
Toll Free: 800-665-0531
Ontario Privacy Legislation
Ontario clinics and health care professionals follow the PHIPA - Personal Health Information Protection Act. According to Canada's Federal PIPEDA, Ontario's legislation has been deemed "Substantially Similar" to PIPEDA.
The Privacy Commissioner of Ontario can be contacted by:
Phone - Toronto Area: 416-326-3333.
Toll Free: 800-387-0073
Email: info@ipc.on.ca
Quebec Privacy Legislation
Québec follows the APPIPS - Act Respecting the Protection of Personal Information in the Private Sector. Here again the Quebec legislation has been deemed "Substantially Similar" to the Federal PIPEDA laws.
To contact the Commission d’accès à l’information du Québec.
Quebec Office 2.36 525, boul. René-Lévesque Est Québec (Québec) G1R 5S9 Telephone: 418 528-7741 Fax: 418 529-3102 |
Montreal Office 18.200 500, boul. René-Lévesque Ouest Montreal (Quebec) H2Z 1W7 Telephone: 514 873-4196 Fax: 514 844-6170 |
Toll free phone: 1 888 528-7741
Email: cai.communications@cai.gouv.qc.ca
New Brunswick Privacy Legislation
Clinics and health care providers follow the PHIPAA - Personal Health Information and Access Act. New Brunswick's privacy laws for health records have been deemed "Substantially Similar" to the Federal PIPEDA.
Contact the Office of the Integrity Commissioner by:
Phone: 506-453-5965
Toll Free: 877-755-2811
Email: access.info.privacy@gnb.ca
Office of the Integrity Commissioner
Phone: 506-457-7890
Fax: 506-444-5224
E-mail: oic-bci@gnb.ca
Newfoundland and Labrador Privacy Legislation
Newfoundland & Labrador clinics and health care providers follow the PHIA -Personal Health Information Act & Pharmacy Network Regulatons. Newfoundland & Labrador privacy laws have been deemed "Substantially Simila" to the Federal PIPEDA legislation.
Contact information for the Office of the Information and Privacy Commissioner:
Phone: 709-729-6309
Toll Free: 877-729-6309
Email: commissioner@oipc.nl.ca
Nova Scotia Privacy Legislation
Nova Scotia clinics and health care providers follow the PHIA - Personal Health Information Act. Nova Scotia legislation is "Substantially Similar" to Federal PIPEDA legislation.
Contac the Office of Information and Privacy Commissioner by
Phone: 902-424-4684
TTY: 800-855-0511
Toll-Free: 1-866-243-1564
Agency Website:
http://oipc.novascotia.ca
General Email:
oipcns@novascotia.ca
Prince Edward Island Privacy Legislation
Prince Edward Island follows the Federal PIPEDA legislation for all clinics and health care professionals handling health records.
Contact the Office of the Information and Privacy Commissioner by:
Phone: 902-368-4099
Email: assembly@assembly.pe.ca
Email karose@assembly.pe.ca.
Yukon Privacy Legislation
Yukon clinics and health care providers follow Federal PIPEDA. Yukon also follows HIPMA- Health Information Privacy and Management Act for its health records.
Contact the Yukon Ombudsman, Information and Privacy Commissioner & Public Interest Disclosure Commissioner by:
Phone: 867-667-8468,
Toll free: 800-661-0408 (ext. 8468)
Email: info@ombudsman.yk.ca.
Fax: 867-667-8469
Northwest Territories Privacy Legislation
Northwest Territories clinics and health care providers follow the HIA - Health Information Act. Due to it not being deemed "Substantially Similar" it also must adhere to PIPEDA.
Contact the Office of Information and Privacy Commissioner
Phone Number: 1-867-669-0976
Toll Free: 1-888-521-7088
Fax Number: 1-867-920-2511
Email Address: admin@atipp-nt.ca
Nunavut Privacy Legislation
Nunavut follows PIPEDA -The Personal Information Protection and Electronic Documents Act legislation
The Information and Privacy Commissioner of Nunavut follows PIPEDA for all provincial private sector privacy issues.
Contact the Information and Privacy Commissioner by:
Phone: 1-867-669-0976
Toll free: 1-888-521-7088
Fax: 1-867-920-2511
Email: admin@atipp-nu.ca