Comparing the Acts

Governing Privacy Legislation in Alberta

FOIP:

Applies to public bodies and their employees

Applies to records and information in the "custody or control" of the University of Alberta - this generally means records and information that are handled in the course of the operations or activities of the university.

Controls the manner in which personal information is collected, used and disclosed by the university

Protection of personal information

With limited exceptions, allows individuals a right of access to:

- Information about themselves (personal information)

- General records under the custody or control of the university

Allows for independent review (Office of the Information and Privacy Commissioner of Alberta)

Definitions:

Public Body - an educational body, health care body, local government body, department/branch/office of the Government of Alberta

Employee - a person who performs a service for a public body as an appointee, volunteer, student or under a contract or agency relationship with the public body


HIA:

Applies to custodians and their affiliates

Enables health information to be shared and accessed to provide health services or manage the health system

Establishes strong and effective mechanisms to protect the privacy of individuals and the confidentiality of health information

Establishes the rules that must be followed in the collection, use, and disclosure of health information

With limited exceptions, allows individuals a right of access to health information about themselves

Allows for independent review (Office of the Information and Privacy Commissioner of Alberta)

Definitions:

Custodian - an organization or a health service provider (ex. Alberta Health Services, Covenant, physician, surgeon, dentist, pharmacist, nursing homes)

Affiliate - employees, appointees, volunteers, students, contractors of a custodian


PIPA:

Applies to the private sector

Examples:

A physician directly hiring an employee - the employee information would be governed by PIPA.

Private Physician clinics, Medi-Centre clinics

Home Depot, Canadian Tire


HIA vs FOIP

Health Information (HIA)

Applies where a health service is provided and includes:

- diagnostic, treatment and care information

- registration information

- health service provider information

Personal Information (FOIP)

Recorded information about an individual and includes:

- name, address, contact numbers

- race, ethnic origin, religious or political beliefs

- age, sex, marital status

- education, financial, employment history

*FOIP ends where HIA begins. Information falling outside of the definition of health information is governed by the provisions of FOIP.


Definitions:

Diagnostic, treatment and care information - physical and mental health, health services provided, drugs, aids, devices, equipment, and any other information collected when a health service is provided to an individual

Registration information - demographic information (including name, date of birth, PHN, marital status); location, residency and telecommunications information; health services eligibility and billing information

Health service provider information - name, title, business contact information, date of birth, employment status, professional information as it relates to a health service to an individual

Type of Information FOIP HIA
Employee work schedules X
Employee phone lists, on-call contact lists X
Blood tests and X-Ray results X
Employee Payroll information, paystubs, tax information X
Physician referrals & assessments X
Fitness for work records (Occupational Health & Safety) X
Job Postings X

*PIPA would generally apply, rather than FOIP, for an entity that is a private physician clinic or medi-centre clinic.