Comparing the Acts
Governing Privacy Legislation in Alberta
FOIP:
Applies to public bodies and their employees
Applies to records and information in the "custody or control" of University of Alberta - this generally means records and information which are handled in the course of the operations or activities of the university.
Controls the manner in which personal information is collected, used and disclosed by the university
Protection of personal information
With limited exceptions, allows individuals a right of access to:
Information about themselves (personal information)
General records under the custody or control of the university
Allows for independent review (Office of the Information and Privacy Commissioner of Alberta)
Definitions:
Public Body - an educational body, health care body, local government body, department/branch/office of the Government of Alberta
Employee - a person who performs a service to a public body as an appointee, volunteer, student or under contact or agency relationship wit the public body
HIA:
Applies to custodians and their affiliates
Enables health information to be shared and accessed to provide health services or manage the health system
Establishes strong and effective mechanisms to protect the privacy of individuals and the confidentiality of health information
Establishes the rules that must be followed in the collection, use, and disclosure of health information
With limited exceptions, allows individuals a right of access to health information about themselves
Allows for independent review (Office of the Information and Privacy Commissioner of Alberta)
Definitions:
Custodian - an organization or a health service provider (ex. Alberta Health Services, Covenant, physician, surgeon, dentist, pharmacist, nursing homes)
Affiliate - employees, appointees, volunteers, students, contractors of a custodian
PIPA:
Applies to private sector
Examples:
A physician directly hiring an employee - the employee information would be governed by PIPA.
Private Physician clinics, Medi-Centre clinics
Home Depot, Canadian Tire
HIA vs FOIP
Health Information (HIA) |
Personal Information (FOIP) |
|
Applies where a health service is provided and includes: - diagnostic, treatment and care information - registration information - health service provider information
|
Recorded information about an individual and includes: - name, address, contact numbers - race, ethnic origin, religious or political beliefs - age, sex, marital status - education, financial, employment history |
*FOIP ends where HIA begins. Information falling outside of the definition of health information is governed by the provisions of FOIP.
Definitions:
Diagnostic, treatment and care information - physical and mental health, health services provided, drugs, aids, device, equipment, and any other information collected when a health service is provided to an individual
Registration information - demographic information (including name, date of birth, PHN, marital status); location residency and telecommunications information; health services eligibility and billing information
Health service provider information - name, title, business contact information, date of birth, employment status, professional information as it relates to a health service to an individual
| Type of Information | FOIP | HIA |
| Employee work schedules | X | |
|
Employee phone lists, on-call contact lists |
X | |
| Blood tests and X-Ray results |
X |
|
|
Employee Payroll information, paystubs, tax information |
X | |
| Physician referrals & assessments | X | |
|
Fitness for work records (Occupational Health & Safety) |
X | |
| Job Postings | X |
*PIPA would generally apply, rather than FOIP, for an entity that is a private physician clinic or medi-centre clinic.