The Personal Health Information Act (PHIA)
The Personal Health Information Act is Nova Scotia’s privacy law relating to health records, and has been that has been deemed “substantially similar” to the federal private sector privacy law with respect to health information custodians.“In most cases, if health professionals are compliant with PIPEDA, they will also be compliant with PHIA. There are a few exceptions where PHIA has additional privacy requirements:
1. PHIA requires that a custodian must report a breach of personal health information to an individual if, in the custodian’s opinion, the breach is likely to cause the individual harm or embarrassment. This is not required under PIPEDA.
2. PHIA requires that a custodian must be able to produce a record of user activity for any electronic information system the custodian uses to maintain personal health information. This is not required under PIPEDA.
3. PHIA requires that a custodian receive approval of a research ethics board for research conducted using personal health information the custodian itself has collected for care purposes. This is not required under PIPEDA.
In those cases, it would generally not be considered a conflict, as an individual custodian can comply with PIPEDA and the additional privacy protections in PHIA.” Source
Owl and PHIA
In regards to the first point above, while we take significant and extensive measures to ensure a security breach could never occur, if one was to take place, we would of course notify our customers immediately so that you could fulfill your obligations under the PHIAIn regards to the second point, we keep comprehensive internal logs of all of user activity in Owl, so if a Practice Owner is ever concerned about a user’s activity on their account, they can reach out to us for information on what that user has been doing. Currently, we don’t provide visible activity logs for clinics to be able to tell what users in their clinic have been editing or viewing, although we plan to add this functionality in the future. This doesn’t affect the Practice Owner’s ability to be compliant however, as they can produce these activity records through communication with us.
Other Legislation
Other acts that may be potentially relevant to clinics in Nova Scotia are:- Nova Scotia’s public sector privacy laws: The Freedom of Information and Protection of Privacy Act and the Privacy Review Officer Act
- Part XX of the Municipal Government Act
- The Personal Information International Disclosure Protection Act