If you’re looking for a bird’s eye view of privacy regulation in Canada and, more specifically, in your province, this Guide offers a quick look at data protection based on your location.
The information in this document is not intended to be nor should it be interpreted as legal advice.
Overview of Federal Law in Canada
The privacy law for allied health businesses in Canada is The Personal Information Protection and Electronic Documents Act (PIPEDA). In some cases, clinics will directly apply these federal laws, but many Jane users across Canada are going to want to check at the provincial level first.
3 General Tips
There are 3 things you can do that will go a long way in making sure your clinic is compliant:
1 - Pay attention to any health information laws applicable to your business in your province.
2 - File Privacy Impact Assessments if it is required in your province. (Alberta clinics, that’s definitely you.)
3 - Check with your provincial Office of the Information and Privacy Commissioner and your college/association for further recommendations.
Privacy by Province
British Columbia
-
In BC, clinics follow PIPA BC Personal Information Protection Act - For more information on how your clinic can use Jane to comply with BC law, read our Guide doc: Privacy: Compliance for Clinics in British Columbia
-
For more information, contact the Privacy Commissioner of BC: Vancouver: (604) 660-2421. Elsewhere in BC: (800) 663-7867. By email: [email protected]. The Commissioner urges: “The email you send to the Privacy Commissioner or that they send to you could be intercepted in transit or sent to the wrong address. If you are concerned about confidentiality, you should send your message by a secure means.”
Ontario
-
Clinics in Ontario will follow: PHIPA Personal Health Information Protection Act – Ontario’s provincial law specifically for health records. It has legally been deemed “Substantially Similar” to PIPEDA, and this is the law allied health clinics in Ontario will need to follow.
-
To contact the Privacy Commissioner of Ontario: Toronto Area: 416-326-3333. Long distance: 1-800-387-0073. By email: [email protected]. The Commissioner urges: “It is an unfortunate reality of the present Internet that communications carried over it are neither secure nor verifiable. Do not send personal information by e-mail.”
Alberta
-
For the privacy and security of health information in Alberta, clinics must follow The HIA Health Information Act. For more information, see the HIA Website.
-
Clinics are responsible for completing a Privacy Impact Assessment (PIA). We recommend that clinics submit Jane’s Privacy Policy and Terms & Conditions as documentation of the Information Management Agreement (IMA) between Jane and your clinic.
Under the HIA, submission of your PIA to the Office of the Information and Privacy Commissioner is mandatory and must precede implementation of your new system or practice.
-
Copies of these PIA Requirements, as well as links to other resources, are available from the OIPC website.
-
Alberta clinics may also contact the OIPC by phone at 780-422-6860 or email at [email protected].
Nova Scotia
-
Clinics will follow: PHIA Personal Health Information Act - Nova Scotia’s law regarding health records that has been deemed “Substantially Similar” to PIPEDA.
-
Contact the Office of Information and Privacy Commissioner at (902) 424-4684. Or view their Contact page for additional lines of communication.
New Brunswick
-
Clinics in New Brunswick follow PHIPAA Personal Health Information and Access Act - privacy law for health records that is “Substantially Similar” to PIPEDA.
-
Contact the Office of the Integrity Commissioner at Telephone: (506) 453-5965, Toll-free: 1-877-755-2811 or via email at [email protected].
Newfoundland & Labrador
-
Clinics in Newfoundland & Labrador follow PHIA & Pharmarcy Network Regulations Personal Health Information Act and Pharmacy Network Regulations - health records law deemed “Substantially Similar” to PIPEDA.
-
Contact the Office of the Information and Privacy Commissioner at (709) 729-6309, Toll Free in Newfoundland and Labrador: 1-877-729-6309, or via email at [email protected].
Manitoba
-
Clinics in Manitoba follow The Personal Health Information Act (PHIA).
-
Contact the Access and Privacy Division of the Manitoba Ombudsman at 204-982-9130 (in Winnipeg) or 1-800-665-0531 (toll free in Manitoba).
Québec
-
APPIPS Act Respecting the Protection of Personal Information in the Private Sector – private sector law deemed “Substantially Similar” to federal law.
-
Informations de contact: Commission d’accès à l’information du Québec.
Northwest Territories
-
HIA Health Information Act - for health records, but not deemed substantially similar to PIPEDA.
-
Contact the Office of Information and Privacy Commissioner at 1-867-669-0976, toll free at 1-888-521-7088, and via email at [email protected].
Nunavut
-
The Information and Privacy Commissioner of Nunavut follows PIPEDA for all provincial private sector privacy issues.
-
Contact the Information and Privacy Commissioner at 1-888-521-7088, (Toll Free) 1-867-669-0976 (Yellowknife), email [email protected].
PEI
-
PEI has no direct law relating to public health records, and all clinics need to comply with PIPEDA.
-
Contact the Office of the Information and Privacy Commissioner at (902) 368-4099 or by email [email protected].
Saskatchewan
-
HIPA Health Information Protection Act – health records law, not substantially similar to PIPEDA.
-
Contact the Office of the Saskatchewan Information and Privacy Commissioner at 306-787-8350, toll free within Saskatchewan at 1-877-748-2298, or by email at [email protected].
Yukon
-
Organizations in Yukon are subject to PIPEDA.
-
Yukon also has HIPMA Health Information Privacy and Management Act – for health records, but not substantially similar to PIPEDA.
-
Contact the Yukon Ombudsman, Information and Privacy Commissioner & Public Interest Disclosure Commissioner at 867-667-8468, toll free in the Yukon at 1-800-661-0408 (ext. 8468), or by email at [email protected]. The Commissioner’s website warns about emails: “There are risks to emailing information over the Internet as email communications can be intercepted. As a result, emails containing personal information should not be sent to our office unless encrypted. Information containing personal and confidential information can be sent to us by fax or mail.”
Still Have Questions?
Have any questions about this guide or anything else related to privacy? Feel free to email Privacy and Security Support at [email protected] and we’d love to clarify anything you’re unsure on!