
New P.E.I. health act will disclose privacy breaches

P.E.I.'s Health Information Act, passed in 2014 but not yet proclaimed, requires that Islanders be notified if their privacy is breached, says Information and Privacy Commissioner Karen Rose.

Health Information Act was passed in 2014 but has not yet been proclaimed



A CBC news investigation revealed 6 of 10 provinces, including P.E.I., don't have laws requiring government to inform residents of health information breaches.

That is set to change in P.E.I., where the provincial government expects the new act to be proclaimed in 2017.

Privacy audits in the Department of Health are not currently shared with Information and Privacy Commissioner Karen Rose. (Government of P.E.I.)

"What the Health Information Act states is the public body, when they discover the breach, they manage it as quickly as possible by responding to it, trying to contain it, notifying the people who are affected by it, investigating it, and then looking at what additional systems they could put in place to ensure this doesn't happen again," said Rose.

She said breaches will also be reported to her under the new act and she will provide oversight on their management.

Health PEI says while there is not yet a legal requirement, it is the agency's current practice to report privacy breaches to both the commissioner and people affected.

Responsibilities being made clear

The delay in proclaiming the act is because health care providers need to be informed that their responsibilities will change, said a government spokesperson.

Staff at the Department of Health have been creating an educational package to explain the changes.

The province currently conducts audits to check if unauthorized personnel are looking at electronically stored information.

What the new Health Information Act says

36. (1)(c) notify the individual to whom the personal health information relates and the Commissioner in writing at the first reasonable opportunity if personal health information is

(i) stolen,

(ii) lost,

(iii) disposed of, except as permitted by this Act, or

(iv) disclosed to or accessed by an unauthorized person.

With files from Island Morning