HomeEn FrançaisContact the Ombudsman
About the OfficeAccess and Privacy DivisionOmbudsman Division










Legislation
Legislation
Legislation



What's New
Site Map
Search
Privacy & Site Policy

 


Access and Privacy Division



The Privacy Compliance Tool

A privacy impact assessment is a diagnostic tool designed to assist organizations in reviewing their compliance with statutory information privacy requirements. This Privacy Compliance Tool (PCT) focuses on privacy concerns related to the collection, use, disclosure, retention and security of personal health information under The Personal Health Information Act (PHIA).

While the use of this due diligence tool is not a requirement under PHIA, it is an obligation of trustees to be in compliance with the provisions of the legislation. The PHIA PCT will assist trustees with compliance, and may be used by any entity that is developing or revising a program, a practice, legislation, information system, or embarking on any other initiative that involves identifiable personal health information. It may also be used to review existing programs.

The PHIA PCT consists of three documents:

  • The PHIA privacy compliance Checklist , which provides considerations for assessing compliance in a structured format. By responding systematically to the specific questions or statements related to each privacy element, public bodies and trustees will be able to review practices and determine what action may be needed to initiate or improve compliance.
  • The PHIA privacy compliance Guide , which identifies some best practices and provides assistance in completing the Checklist . It should be regarded as required reading prior to starting the assessment process.
  • The PHIA privacy compliance Checklist at a Glance , which provides an overview of the assessment consideration and responses.

This PCT has been designed as a self-assessment instrument for use by trustees that fall within the scope of PHIA. Public bodies dealing with personal information and personal health information should use the original PCT developed by our office, since it encompasses provisions of The Freedom of Information and Protection of Privacy Act and The Personal Health Information Act . The FIPPA and PHIA PCT is available separately on our web site at http://www.ombudsman.mb.ca/compliance.htm .

Some trustees may already have a privacy impact assessment template that they have used. We understand that Manitoba Health, for example, has a created a privacy impact assessment that must be used when the Department is involved in developing or modifying electronic information records systems and databases. The PHIA Privacy Compliance Tool is not intended to dislodge any such effective instrument that is in place, but we do invite trustees to use it as a measure of or a supplement to any existing tool.

The PHIA PCT is available in two formats: Portable Document Format (PDF) and Microsoft Word. To view and print the PDF version, you will need to have the Adobe Acrobat Reader installed on your system. You may get a copy of the Acrobat Reader from the Adobe web site.

Word version:

PHIA Privacy Compliance Tool, Guide (Word)
PHIA Privacy Compliance Tool, Checklist (Word)
PHIA Privacy Compliance Tool, Checklist at a Glance (Word)

PDF Version:

PHIA Privacy Compliance Tool, Guide (pdf)
PHIA Privacy Compliance Tool, Checklist (pdf)
PHIA Privacy Compliance Tool, Checklist at a Glance (pdf)

Back to Top