To:
Holders of the Administrative Manual
From: Legal Services
Date: August 2014
Re:
CH 30-100 – Privacy and Confidentiality of Personal Health Information
The Personal Health Information Act (PHIA) came into force on June 1, 2013. The objective of PHIA
is to protect individuals’ privacy while allowing custodians to provide, support and manage health
care. In response to the new legislation, Capital Health has made revisions to Policy CH 30-100 –
Privacy, including renaming the policy “Privacy and Confidentiality of Personal Health
Information.” A summary of the updates follows:
Changes in terminology and definitions were made to match the language of PHIA (e.g. “Personal
Information” is now “Personal Health Information”). The revised policy provides clear direction on
when collection of personal health information is appropriate, and the situations in which use and
disclosure of the information is permitted. The revised policy also describes more responsibilities for
CDHA in the Accountability section. There are new provisions with respect to managing requests for
correction of an individual’s personal health information. The Safeguards section has been given
more detail and describes best practices with regards to protecting personal health information,
along with practical examples. A detailed Complaints process has also been included, specifying the
methods of reporting privacy breaches or non-compliance with PHIA. There is a new section
concerning retention, destruction, disposal and de-identification of personal health information, in
compliance with PHIA.
The revised Privacy and Confidentiality of Personal Health Information Policy is a readerfriendly version of the obligations set out in PHIA with respect to privacy and confidentiality and
provides all Capital Health employees, physicians, learners and volunteers with a good overview of
their rights and limitations concerning personal health information.