A Privacy Agreement? What is it?

April 10, 2019 - Kayla Little, Practicum Student, Saskatchewan Polytechnic - Health Information Management

Many employees working with or around personal health information (PHI), whether current or newly employed, will most likely be required to sign an agreement indicating they understand their obligations to keep information confidential. These agreements usually address a variety of information, including PHI, personal information (PI), business information and information about an organization’s business partners. The IPC recommends that public bodies and trustees establish separate agreements: confidentiality agreements for information that does not contain PI or PHI, and privacy agreements that outline the legislative obligations to protect individuals’ PI and PHI. What should be included in a privacy agreement, though? The IPC has recently developed a Sample Privacy Agreement for Trustees: Protection of Personal Health Information to assist trustees, as defined in The Health Information Protection Act (HIPA), in meeting privacy obligations.

HIPA includes a duty to protect PHI. Trustees should ensure all policies, procedures, agreements and training provide clear expectations and obligations for employees.

The IPC’s Sample Privacy Agreement provides the basic obligations to protect PHI under HIPA. Trustees should consult this resource and tailor it to meet the needs of their organization and employees. This includes meeting not only the requirements set out by HIPA but also any other provincial or federal legislative requirements for the protection of PI.

The IPC recommends that all public bodies and trustees provide mandatory annual access and privacy training to all employees and that all agreements, such as a privacy agreement, be reviewed and re-signed annually.
