Privacy of Health Information

No content found

Privacy Legislation

The Health Information Protection Act (HIPA)

HIPA was proclaimed in September 2003 and is legislation that governs the collection, use and disclosure of personal health information in the province of Saskatchewan. The Act defines and places obligations on health information “trustees,” which include government, regional health authorities, health professionals including physicians, and professional regulatory bodies. A person or organization is only a “trustee” if that person or organization has “custody or control of personal health information”. HIPA applies to personal health information in any form, including both paper and electronic records.

The HIPA regulations set out additional privacy principles, including describing some circumstances in which personal health information can be disclosed to third parties without the patient’s consent.

Saskatchewan Medical Association (SMA) / College of Physicians and Surgeons of Saskatchewan Position on Privacy

Maintaining confidentiality is a professional responsibility of physicians, and is a central part of the doctor-patient relationship. The patient, with few exceptions, has a right of access to, and to request an amendment of, his or her personal health information, but the physician owns the medical record. Physicians designated as trustees are accountable for the personal health information they collect, use and disclose through appropriate consent and safeguards. In addition, they are accountable to take reasonable measures to protect the personal health information that is in their custody or control.

The Personal Information Protection and Electronic Documents Act(PIPEDA) is legislation of the government of Canada for private-sector organizations. It sets out the ground rules for how businesses must handle personal information in the course of their commercial activity.

The information on this website focuses on the requirements of HIPA which, in the opinion of the SMA and the College, is more appropriate legislation for physicians when they deal with personal health information.

HIPA imposes some external controls to ensure that personal health information is managed appropriately. The SMA and the CPSS recommend that all physicians familiarize themselves and their staff with their responsibilities to maintain medical records in compliance with HIPA.

A Guide to Compliance with Privacy Legislation

Physicians traditionally have been cognizant of the duty to maintain patient confidentiality and to create complete and accurate medical records. HIPA establishes additional expectations to ensure that personal information is managed appropriately. The College recommends that all physicians familiarize themselves and their staff with their responsibilities to maintain health information in compliance with HIPA and the College’s bylaws and policies.

The College urges all physicians to avail themselves of the excellent resources found on the Saskatchewan Medical Association website related to physicians’ role in protecting the privacy of health information.