Notice of Information Collection, Use and Disclosure (Health Information Act)
The Health Information Act (HIA) sets out rules on how personal health information maybe collected, used and shared. As a health service provider identified by the HIA, we are required to notify you, the client, on how your information may be collected, used and shared.
On this page
- A client’s personal health information cannot be collected, used, or shared if non-identifiable data will do.
- Health service providers cannot collect, use, or share more client information than is absolutely necessary.
These principles must be applied to all the ways in which we may collect, use, or share your personal health information.
We can collect personal health information if:
- you or your substitute decision-maker consents; or
- we are allowed to collect or have your information shared with us under the HIA or any other law.
Under the HIA, we can collect your information from another person if:
- you consent to another person providing the information;
- the information is collected from a health services provider to provide health services to you;
- we need to collect it this way to get accurate, timely information in a safe way;
- the information is necessary for verifying your eligibility for a health service;
- the information is for a genetic family history related to your health concerns or health services you receive;
- a law requires this; or
- a research ethics committee has allowed the collection from another person.
The only people who can collect or use your health care number are:
- a health service provider; or
- a person who is permitted by law to collect or use the number (e.g. a correctional facility worker can collect an inmate’s health care card number to provide health services to the inmate while in custody).
Before health service providers collect your personal health information using a recording device, they must tell you that they will be using the device.
We can only use your personal health information if you consent or if we are otherwise allowed or required by law to use it for a particular purpose.
Authorized (secondary) uses of personal health information include:
- the purpose for which it was collected and any related functions necessary to achieve the purpose;
- providing a health service to you;
- verifying eligibility for you to receive a health service;
- internal management purposes including resource allocation, audits, evaluations, quality improvement activities, processing payments, legal, risk and error management services, and professional mentorship training;
- inspecting and investigating a health facility;
- for research, if we get research ethics committee approval;
- to seek your express consent, e.g. passing your information on to an outside or academic researcher;
- to produce non-identifiable statistical data;
- to comply with a law or court order; and
- to perform “data matching”, where we compare one health record in one electronic system with another record in another electronic system to match up the correct Mr. John Smith client with the correct Mr. John Smith medical chart.
The Department of Health and Social Services and the Health and Social Services Authorities can also use your health information for the development of health programs and services, planning and resource allocation, public health surveillance and promotion, and for administration of the HIA.
We can only share your health information if you consent or if we are otherwise allowed or required by law.
Before disclosing information, we must be sure the person receiving the information is who they say they are and is allowed to get the information.
A third party can only use the information for the reason for which we shared the information or for a legal requirement. A third party cannot use more information than is necessary.
We can share your information as follows:
- with you;
- with the Information and Privacy Commissioner when it is necessary so that they can do their job;
- with other health service providers for authorized uses set out in the HIA (see above);
- with the Department of Health and Social Services and Health and Social Services Authorities for authorized uses (e.g. health system planning and management);
- with health service providers providing services to you;
- with a person other than a health care provider, if they need the information to care for you;
- with someone to find you a substitute decision maker, if you are injured or incapacitated;
- limited general diagnosis information to someone in a close personal relationship with you if this is done according to professional best practice and it does not go against a condition set by you;
- personal health information about deceased persons:
- in order to identify the person;
- to inform a relative or a person who was in a close personal relationship with the deceased about the patient’s death and any recent health services received;
- to inform another person, where reasonable, about the circumstances of the death;
- to the personal representative, executor, or spouse to deal with the patient’s estate;
- to a relative to allow that relative to make an informed health decision about them or their child; and
- to a person with custody of a child who is a relative of the deceased to make informed health decisions about the child. This allows for adoptive parents to get information about a child’s biological parent if deceased.
- for verifying your eligibility to receive an insured or non-insured health service or benefit provided by the GNWT or the Federal Government;
- for payment purposes;
- for reimbursing claims;
- for reciprocal billing with other jurisdictions, where necessary;
- with an investigator, adjudicator, complaints officer, or board of inquiry investigating a complaint against a health care provider;
- if we are a party in a legal proceeding;
- to comply with a subpoena or warrant;
- to comply with the rules of court;
- to an appointed litigation guardian or legal representative;
- to an official investigator or inspector;
- to a quality assurance committee set out in accordance with the Evidence Act for a quality assurance activity;
- to the head of a correctional facility to help the facility make decisions about arranging health services for an inmate, housing the inmate in the facility, or discharging the inmate;
- to the head of a mental health facility in which the patient is involuntarily held to help the facility make decisions about arranging health services for the patient or other matters (from accommodation needs to transfer considerations) as necessary;
- to auditors and those providing legal, error management, and risk management services to the health service provider;
- in order for a person considering taking over a health service provider’s practice or business (i.e. private pharmacy) to evaluate the health service provider’s business, subject to a confidentiality agreement;
- with a health provider taking over their business;
- with another health service provider to prevent fraud, limit abuse of health services delivered, or prevent a crime;
- for law enforcement purposes;
- to prevent or reduce an imminent threat or risk of serious harm to someone’s health or safety, or an imminent or serious threat to the public’s safety;
- with medical or mental health experts to consult them about the likelihood of an imminent threat from the above disclosure to a third party or from granting the patient access to their own information;
- with persons to determine if access and correction requests should be granted;
- with the Federal Government, a provincial/territorial government, an Aboriginal government, or a department or agency of these governments, to manage, monitor and evaluate the health system and health programs and services;
- with the NWT Bureau of Statistics and the Canadian Institute of Health Information so they can compile and analyze statistical information that would assist in health system planning carried out by the GNWT and those governments set out above;
- with the Department of Health and Social Services (i.e. system navigator) if a patient makes a complaint;
- with designated electronic health information systems, such as the electronic medical record system;
- with a prescription monitoring program;
- with public health authorities if necessary for a public health purpose; and
- with researchers subject to strict requirements set out in the HIA, particularly approval from a recognized and objective Research Ethics Committee.
Anytime a health service provider is not required to share your information, you can set limits on how you want your information used and shared, for example, who you want to see or don’t want to see what information can be shared. You can also withdraw your consent at anytime.
We cannot share information with other health service providers if this goes against a condition set by you.
Any conditions have to be set in writing and signed by you.