Alberta's Health Information Act (HIA) outlines the rules for the collection, use and disclosure of health information that is in the custody or under the control of a “custodian” — a defined term in the HIA, which includes Alberta Health Services and health professionals such as physicians and dentists who are regulated under the HIA.

Changes effective August 31, 2018

As of August 31, 2018, Alberta’s health custodians must give notice of any loss of or unauthorized access to or disclosure of individually identifying health information in the custody or control of the custodian, if there is a risk of harm to an individual as a result of such loss of or unauthorized access to or disclosure. The notice must be provided to:

  • the individual affected by the privacy breach;
  • the Information and Privacy Commissioner; and
  • the Minister of Health.

The Health Information Amendment Regulation will amend the Health Information Regulation (HIR) to include a list of factors in assessing whether there is a risk of harm to an individual as a result of the privacy breach. The HIR will also be amended to include specific details on the contents and method of providing the notice of loss or unauthorized access or disclosure of the individually identifying health information.

There will be new offence and penalty provisions for failing to properly notify the individual, Commissioner and Minister or failing to properly safeguard health information. The goal of the new mandatory reporting requirement is to put the HIA in step with other privacy legislation in Alberta and across Canada and better protect the health information of individuals.