Protecting your personal health information under the Personal Health Information Act

What is the Personal Health Information Act?

The Personal Health Information Act or PHIA is a new provincial law that aims to balance your right to have your personal health information protected with the need of those in the health sector to use your information to provide you with appropriate care and treatment.

How does PHIA protect my personal health information?

PHIA requires that “custodians” of personal health information (including hospitals, physicians, dentists, and nursing homes) have policies and practices to protect your personal health information. Under PHIA we must:

  • follow PHIA’s requirements for appropriate collection,
  • use, disclosure, retention and destruction of your personal health information
  • have a privacy contact person who can answer your questions about our management of your personal health information
  • have policies to protect the privacy and security of your personal health information whether it is held on paper or in electronic form, or if it is unrecorded
  • have a complaints policy for you to use if you have concerns about our compliance with PHIA
  • take appropriate action if the privacy of your personal health information has been breached which may include notifying you or the Privacy Review Officer
  • handle your requests for access to and correction of your personal health information

Limits of confidentiality

Custodians are required by law to breech confidentiality under the following circumstances:

  • if your comments or behaviours suggest there is an imminent risk of harming yourself or someone else
  • if there is reason to suspect a child or vulnerable adult is in danger or being abused/neglected
  • if ordered by a judge or court of law

Who can see and use my personal health information?

  • individuals involved in your care and treatment, including students
  • individuals who require the information to get payment for your health care
  • anyone who can legally act for you with your consent
  • specified organizations who have a legal right to see the information

What are my rights under PHIA?

  • You have the right to have your personal health information collected, used, disclosed, retained and destroyed according to the provisions in PHIA.
  • You have the right to request access to your personal health information which is provided according to the PHIA access fee schedule
  • You have the right to request a correction to your personal health information.
  • You have the right to request information on who has accessed your personal health information held in electronic form.
  • You have the right to request that some or all of your personal health information not be collected, used or disclosed to specific individuals or organizations involved in your care.
  • You have the right to make a complaint to any custodian related to their management of your personal health   information.
  • You have the right to request a review by the Review Officer responsible for PHIA if you are not satisfied with the resolution of your complaint or your access or correction request.

Who do I contact for more information on my rights under PHIA?

This information is a summary of your rights and our obligations under PHIA. There are specific exceptions to these rights and obligations.

Additional information is included in our brochure [name of custodian’s brochure].

You can also contact our PHIA Contact Person at [contact person’s phone number and e-mail address].

For general information on PHIA, you can reach the Department of Health and Wellness PHIA contact at 1-902-424-5419 or toll-free at 1-855-640-4765.

You can also get general information on PHIA at  or by e-mailing your questions to