Compliance: Protecting Personal and Personal Health Information

This page has compliance practice note guidance for public bodies and health information trustees on protecting personal information under FIPPA and personal health information under PHIA.

---

General Information

Under both FIPPA & PHIA

• 5 minute privacy checkup: personal information and personal health information (2019)
• Privacy considerations for emailing personal and personal health information (2008)
• Privacy considerations for faxing personal and personal health information (2008)
• Protecting personal and personal health information when working outside the office (2007)
• Protecting the privacy of access requesters (2007)

FIPPA only

• FIPPA: Distinguishing between personal information and business information under FIPPA (2011)

PHIA only

• 5 minute privacy checkup: personal health information (2019)

---

Privacy Breaches

• Key steps in responding to privacy breaches under FIPPA and PHIA (2022)
• FIPPA & PHIA: Privacy breach notification letter checklist (2022)
• FIPPA privacy breach risk rating tool (2022)
• PHIA privacy breach risk rating tool (2022)

---

Collection and Providing Notice of Collection

• Collection and providing notice of collection of personal information under FIPPA (2012)
• Collection and providing notice of collection of personal health information under PHIA (2010)
  • See available PHIA Notice Posters and Brochures in English and French:
    • Poster: PHIA Health Information Access and Privacy  [PDF]
    • Booklet: Health information access and privacy: A Guide to the Personal Health Information Act [PDF]

---

Use of Personal or Personal Health Information

• Use under FIPPA (2010)
• Use under PHIA (2010)

---

Disclosure of Personal or Personal Health Information

• Disclosure under FIPPA (2010)
• Disclosure under PHIA (2010)

---

Distinguishing from authorized disclosures

• Distinguishing between access to information requests and authorized disclosures under FIPPA and PHIA (2010)