The Health Information Act includes tough privacy and security safeguard requirements to ensure patients’ personal health information is properly protected.
- Health care providers may only collect enough patient information necessary for the purpose of the collection.
- Health care providers must collect, use and share unidentifiable information unless identifiable information is necessary.
- Those responsible for maintaining personal health information under the HIA must take reasonable measures to protect the security and confidentiality of records.
- Health care providers must put in place standards, policies and procedures to implement and comply with the HIA.
- Administrative, technical and physical safeguards must be put in place and must be reviewed annually to protect patient information.
- Health care providers must put in place access controls, such as role-based access to electronic health information systems, to ensure only those health care providers who have a legitimate reason to view someone’s personal health information are able to see the information.
- When an individual’s personal health information is not used properly or goes missing, or there is any kind of privacy breach, those responsible must tell the individual as soon as possible.
- The Department of Health and Social Services and Health and Social Services Authorities must do privacy impact assessments when moving forward with new or significant changes to information systems and communication technologies. These privacy impact assessments must be shared with the Information and Privacy Commissioner (IPC), who may comment and provide feedback.
- When collecting a person’s information or using it, health care providers must ensure that this information is accurate and complete.
- The HIA requires compliance with the Act, regulations and any policies and standards adopted, and includes strong enforcement and penalty provisions.
Know your rights under the Act.
- Individuals have the right to be fully knowledgeable about how their health information will be collected, used and shared.
- Health care providers are expected to provide notice to individuals on why and how their information may be collected, used, and shared.
- Individuals can set limits and conditions on how their information may be collected, used or shared.
- Individuals have the right to see and get a copy of their health information.
- Individuals have the right to ensure their health information is correct and can ask for a correction if necessary.
- Individuals have the right to request a review by the Information and Privacy Commissioner if they believe their health information has been breached or if they have concerns over an access or correction request made.
- Individuals have the right to find out who has seen their health information.
For more information, please ask your health care provider or email HIA@gov.nt.ca.
The Access to Information and Protection of Privacy Act (ATIPP Act) gives you a legal right to request access to information held by Northwest Territories public bodies. The Department of Justice provides the following information on Access to Information and Protection of Privacy: