The Personal Information Protection and Electronic Documents Act - PIPEDA
In Canada there are Privacy Laws that regulate how the sharing and storing of health records can occur. There are Federal Regulations for all of Canada and then Provincial regulations in all of the provinces. The Federal Laws are referred to as PIPEDA, which stands for The Personal Information Protection and Electronic Documents Act. It is important that you as an individual or your clinic is compliant with these regulations.
The law requires that:
- organizations must obtain an individuals consent when collecting, using, disclosing any individuals personal information.
- people have the right to see and access any personal information that is being held by an organization
- people have the right to challenge the accuracy of the personal information that is held by an organization.
- personal information can only be used for the purpose that it was collected for. If the organization wants to use if for a different purpose they must get consent again.
In this way personal information is protected and safe-guarded against misuse.
The goal of this webpage is have all the links to each province's regulations in one place for ease of access.
Provincial privacy laws which are similar to PIPEDA
Many of the provinces have adopted privacy legislation that is very similar to the Federal PIPEDA in their rules surrounding the collection, use or disclosure of personal information. British Columbia, Alberta, Ontario, Quebec, New Brunswick, Nova Scotia, Newfoundland and Labrador are adopted private-sector privacy laws that are very similar to PIPEDA. It is important that you check with your provincial regulatory bodies to confirm you are abiding by the privacy regulations in your region.
Organizations in Northwest Territories, Yukon and Nunavut are under the Federal PIPEDA regulations.
Information that crosses borders
Any businesses that has any personal information that is crossing any provincial or national borders are bound by the rules of PIPEDA.
Federally regulated organizations
All Federally regulated organizations that conduct business in Canada are always subject to PIPEDA. The Act also applies to their employees’ personal information.
What is personal information?
Personal information about a person is as follows:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
More information can be found at the PIPEDA website
Alberta Privacy Laws
Alberta has the HIA - The Health Information Act.
As well clinics must complete a PIA - Privacy Impact Assessment
The Health Information Act states that the Privacy Impact Assessment must be submitted to the Office of the Information and Privacy Commissioner prior to implementing a new system or practice.
Clinics in Alberta can contact the OIPC through phone or email. More resources are available at the OIPC website.
Saskatchewan Privacy Legislation
Saskatchewan health records are regulated by HIPA - Health Information Protection Act
Saskatchewan's Office of Information and Privacy Commissioner can be contacted by
Toll free: 877-748-2298
Ontario Privacy Legislation
Ontario clinics and health care professionals follow the PHIPA - Personal Health Information Protection Act. According to Canada's Federal PIPEDA, Ontario's legislation has been deemed "Substantially Similar" to PIPEDA.
The Privacy Commissioner of Ontario can be contacted by:
Phone - Toronto Area: 416-326-3333.
Toll Free: 800-387-0073
Quebec Privacy Legislation
Québec follows the APPIPS - Act Respecting the Protection of Personal Information in the Private Sector. Here again the Quebec legislation has been deemed "Substantially Similar" to the Federal PIPEDA laws.
To contact the Commission d’accès à l’information du Québec.
525, boul. René-Lévesque Est
Québec (Québec) G1R 5S9
Telephone: 418 528-7741
Fax: 418 529-3102
500, boul. René-Lévesque Ouest
Montreal (Quebec) H2Z 1W7
Telephone: 514 873-4196
Fax: 514 844-6170
Toll free phone: 1 888 528-7741
New Brunswick Privacy Legislation
Clinics and health care providers follow the PHIPAA - Personal Health Information and Access Act. New Brunswick's privacy laws for health records have been deemed "Substantially Similar" to the Federal PIPEDA.
Contact the Office of the Integrity Commissioner by:
Toll Free: 877-755-2811
Newfoundland and Labrador Privacy Legislation
Newfoundland & Labrador clinics and health care providers follow the PHIA -Personal Health Information Act & Pharmacy Network Regulatons. Newfoundland & Labrador privacy laws have been deemed "Substantially Simila" to the Federal PIPEDA legislation.
Contact information for the Office of the Information and Privacy Commissioner:
Toll Free: 877-729-6309
Nova Scotia Privacy Legislation
Nova Scotia clinics and health care providers follow the PHIA - Personal Health Information Act. Nova Scotia legislation is "Substantially Similar" to Federal PIPEDA legislation.
Contac the Office of Information and Privacy Commissioner by
Prince Edward Island Privacy Legislation
Prince Edward Island follows the Federal PIPEDA legislation for all clinics and health care professionals handling health records.
Contact the Office of the Information and Privacy Commissioner by:
Yukon Privacy Legislation
Yukon clinics and health care providers follow Federal PIPEDA. Yukon also follows HIPMA- Health Information Privacy and Management Act for its health records.
Toll free: 800-661-0408 (ext. 8468)
Northwest Territories Privacy Legislation
Northwest Territories clinics and health care providers follow the HIA - Health Information Act. Due to it not being deemed "Substantially Similar" it also must adhere to PIPEDA.
Contact the Office of Information and Privacy Commissioner
Phone Number: 1-867-669-0976
Toll Free: 1-888-521-7088
Fax Number: 1-867-920-2511
Email Address: email@example.com
Nunavut Privacy Legislation
The Information and Privacy Commissioner of Nunavut follows PIPEDA for all provincial private sector privacy issues.
Contact the Information and Privacy Commissioner by:
Toll free: 1-888-521-7088