Archive (Tag: PHI)
Data Residency Outside Canada for Trustees
Trustees often ask our office about the use of an information management service provider (IMSP) to manage personal health information. Some want to know about using IMSPs linked to companies outside Canada. Once personal health information leaves Canada, it becomes subject to the laws of the country where it resides. If an individual’s personal health... read more
Privacy Audits (updated)
Your organization has undertaken a privacy impact assessment (PIA) as part of its process of designing and implementing a new program. So, what’s next? Once the new program has gone live, your organization should plan regular privacy audits to ensure that the program is operating in a manner that complies with applicable access and privacy... read more
Collection/Disclosure; A Two-Step Analysis (updated)
When personal information or personal health information (information) is shared by one public body with another, the issue arises as to who has the authority to disclose and who has the authority to collect. Many collections of information happen when you or I visit a public body, apply for a service or benefit and fill... read more
Thieves Steal a Server From a Law Firm
I became aware of a case in Alberta, where thieves stole a computer from a law firm. Law firms hold a lot of information about their clients. Some of the information can be personal information and some can be personal health information, and the rest is usually viewed as highly confidential. Law firms, like any... read more