[CAD] Compliance with Privacy Laws in Manitoba (PHIA)
The Personal Health Information Act (PHIA)
The
Personal Health Information Act is Manitoba’s privacy law relating to health records, and governs the collection, use, disclosure, retention, disposal and destruction of personal health information.
. A full list of the policies and procedures that practices must comply with for PHIA can be found
here.
Owl and PHIA
Owl helps practices comply with PHIA in a number of ways:
- The right to request access to your personal health information: Extensive export options make exporting Client information out of Owl simple and easy. Notes can be exported from the Client profile, all financial and Client data can be exported and individual historical receipts and invoices can also be downloaded. Exports of secure messages are not currently possible, but Clients already have access to this information through their Client Portal.
- A Trustee is required to create and maintain, or have created and maintained, a record of user activity for any electronic information system it uses to maintain personal health information: We keep comprehensive internal logs of all of this information, so if a Practice Owner is ever concerned about a user’s activity on their account, they can reach out to us for information on what that user has been doing.
- A Trustee is required to audit records of user activity to detect security breaches: Practice owners have the option to receive a notification when failed login attempts are made so you can mitigate if needed with the user or identify unauthorized attempts at access to the account. These login notifications contain information such as location the individual was attempting to login from, the login credentials they attempted to use (not their password),
- PHI held on a computer or in the memory found in other electronic equipment, such as photocopiers and fax machines, needs to be magnetically erased or overwritten in such a way that the information cannot be recovered: We own all hardware that stores any of our customers data which means we own the hard drives. Once we remove data from the hard drives we then overwrite it with other data to ensure it's deleted.
Other Legislation
Other acts that may be potentially relevant to clinics in Manitoba are:
The Office of the Ombudsman for Manitoba can be reached through the contact details
on this website.