OIPC Logo

HIA

The OIPC is undertaking a review of its resources. If there is a resource from the previous website that is no longer available, please contact the office.

  • 8 Tips for Managing Emails

    This one-page tip sheet is based on the OIPC's Guidelines for Managing Emails. This guidance was issued to assist public bodies, health custodians and private sector organizations and their staff in understanding that emails are records and should be managed in accordance with records management principles and the requirements of Alberta’s access to information and privacy legislation. Published in March 2019.

  • ABTraceTogether Privacy Impact Assessment Review Report

    The OIPC released a report on its review of the ABTraceTogether contact-tracing application privacy impact assessment (PIA), given the global attention focused on contact-tracing apps during the COVID-19 pandemic. The PIA was submitted by Alberta Health, and endorsed by Alberta Health Services. The OIPC accepted the PIA, with recommendations.

  • Access Impact Assessment Guidelines for Proactive Disclosure

    This document provides guidance on how to prepare an Access Impact Assessment for proactive disclosure of information. Published in September 2016.

  • Access to Information Laws in Alberta (Online Version)

    This brochure summarizes Alberta's access to information laws. The online version is for viewing on screens. Updated in March 2021.

  • Access to Information Laws in Alberta (Print Version)

    This brochure summarizes Alberta's access to information laws. Feel free to print for various meetings or events, or contact our office and we will provide you with printed copies. Updated in March 2021.

  • Addendum to the Submission to the Select Special Health Information Act Review Committee

    On August 24, 2004, the Commissioner provided an addendum to the submission that was sent on August 5, 2004.

  • Advisory for Communicating with Patients Electronically

    This advisory outlines how electronic communications with patients can improve efficiency, what the risks of electronic communications are, what steps custodians can take to mitigate those risks, and the policy and privacy impact assessment requirements that must be considered when communicating with patients electronically. This advisory consolidates two previous documents that were published in August 2012. This advisory was published in June 2019.

  • Advisory for Phishing

    This advisory was developed to assist senior leaders and employees in all sectors who are regularly subject to phishing incidents, based on breach reports the OIPC receives. The advisory defines phishing, describes how phishing is executed, outlines what to watch for to prevent phishing incidents, gives examples of safeguards to help mitigate the risks of phishing, and provides an overview of what to do if and when a breach occurs. Published in May 2019.

  • Advisory for Ransomware

    This advisory was developed to assist public bodies, health custodians and private organizations with preventing and responding to ransomware cyberattacks. Published in March 2016.

  • Advisory for Web Buckets

    This advisory was published in response to an increase in reported breaches involving cloud storage containers, or "web buckets", that are unintentionally exposed publicly online, typically through misconfigured properties or settings. The advisory is for organizations in the public, health and private sectors, and outlines what web buckets are, how web buckets are exposed, and privacy and security considerations for protecting personal or health information stored in web buckets. Published in October 2020.

  • Alberta Netcare: Know Your Rights Guide

    This guide outlines the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

  • Alberta Netcare: Know Your Rights Postcard

    This postcard summarizes the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

  • Alberta Netcare: Know Your Rights Poster

    This poster summarizes the rights afforded to Albertans under the Health Information Act with regard to Alberta Netcare, the province's electronic health record system. Published in May 2013.

  • Authorization to Disregard Requests

    The Commissioner has the power to authorize a public body, custodian or organization to disregard certain access requests or correction requests made to the public body, custodian or organization. The criteria for authorizing a public body, custodian or organization to disregard a request or requests are set out in section 55(1) of the Freedom of Information and Protection of Privacy Act (FOIP Act), section 87(1) of the Health Information Act (HIA), and section 37 of the Personal Information Protection Act (PIPA). Published in June 2017.

  • Bill 28: Public Health Amendment Act, 2016

    On November 9, 2016, the Commissioner wrote to the Minister of Health seeking clarification on certain provisions of Bill 28 - the Public Health Amendment Act, 2016.

  • Causes of Breaches and Breach Prevention Recommendations

    This document helps organizations, custodians and public bodies in understanding some causes of breaches and recommendations to prevent breaches. Published in 2012.

  • Commissioner's Letter on Proposed Health Information Act Amendments in Bill 46

    After Bill 46, Health Statutes Amendment Act, 2020 (No. 2) was tabled in the legislature on November 5, 2020, the Commissioner committed to reviewing the proposed amendments and making comments public. This letter issued on November 13, 2020 outlines the Commissioner's views on key proposed amendments, including expanded access to Netcare, expanded use of health information made available via Netcare, and the removal of a PIA requirement for Alberta Health, Alberta Health Services and the Health Quality Council of Alberta for certain information sharing activities.

  • Cybersecurity from a Privacy Regulator's Perspective

    On October 27, 2016, Commissioner Jill Clayton delivered a keynote presentation at Cybera's 2016 Cyber Summit, which focused on the Internet of Things, privacy breaches, privacy education, and privacy law from a European context.

  • Data Privacy Day Op-Ed: Privacy Breaches

    On January 28, 2016, the Commissioner submitted an op-ed to the Edmonton Journal and Calgary Herald for Data Privacy Day to emphasize the importance of valuing and protecting personal information by raising awareness about privacy breaches.

  • General Population Survey: Final Report

    The OIPC commissioned a public opinion survey to assess Albertans' awareness of access and privacy issues and laws. Published in April 2013.

  • General Population Survey 2017

    Albertans believe strongly that it is important to protect privacy and the right to access information in Alberta. The survey, conducted in October 2017, showed that 95% of respondents believe it is important to protect the privacy of personal information, but only 27% felt more secure about the privacy of their own personal information today than they did five years ago. More than 90% of respondents felt it is important to protect their right to access information, although only 39% were confident about their ability to exercise that right. Published in November 2017.

  • Guidance for Electronic Health Record Systems (PDF)

    This guide was developed to assess the safeguards in electronic health record (EHR) systems. Custodians and their EHR service providers may use this document to support a Privacy Impact Assessment on an EHR system, or to examine whether changes to a system comply with Health Information Act requirements. Published in June 2016.

  • Guidance for Electronic Health Record Systems (Word)

    This guide was developed to assess the safeguards in electronic health record (EHR) systems. Custodians and their EHR service providers may use this document to support a Privacy Impact Assessment on an EHR system, or to examine whether changes to a system comply with Health Information Act requirements. This is an editable version of the guide. Published in June 2016.

  • Guidelines for Managing Emails

    The OIPC issued this high-level guidance document to assist public bodies, health custodians and private sector organizations and their staff in understanding that emails are records and should be managed in accordance with records management principles and the requirements of Alberta’s access to information and privacy legislation. Although the guidance provided in this document is directed at managing emails, the general principles may assist in managing records in other formats. Published in March 2019.

  • Guidelines on Facsimile Transmission

    The purpose of this was to set out guidelines to follow when developing systems and procedures to maintain the confidentiality and integrity of personal information received and transmitted by fax. Published in October 2002.

  • Health Information A Personal Matter: A Practical Guide to the Health Information Act

    This guide is intended to give custodians a basic understanding of HIA, including the areas custodians are most likely to encounter in the course of their practice or employment. It points out the major duties and powers created by the Act and the rules governing how those duties are to be fulfilled and how those powers are to be exercised. Published in August 2010.

  • Health Information Act Amendments

    On February 27, 2014, the Commissioner wrote to the Minister of Health recommending the inclusion of mandatory breach reporting and notification provisions in the Health Information Act.

  • Health Information Act: Use and Disclosure of Health Information for Research

    This guide explains the rules set out in HIA regarding the use and disclosure of health information for research purposes.

  • Health Information Act: Interpretation of the Word "Person"

    This practice note is meant help interpret the word "person" as used within section 34(2)(c) of the Health Information Act. Published in May 2005.

  • Inquiry Procedures

    This document outlines the procedures when a matter before the OIPC goes to inquiry. Published in May 2012, and updated in September 2020.

  • Inquiry: Preparing Records at Issue

    This document describes what respondents must do in preparing records at issue for an inquiry. Published in September 2020, and replaced "Adjudication Practice Note 1: Preparing Submissions, Records and Indexes for Inquiries".

  • Inquiry: Preparing Submissions

    This document outlines how to prepare submissions for an inquiry. There are also tips for providing evidence and arguments in a written submission. Published in September 2020, and replaced "Adjudication Practice Note 2: Evidence and Arguments for Inquiries".

  • Joint Resolution: Protecting and Promoting Canadians’ Privacy and Access Rights in Information Sharing Initiatives

    In a January 2016 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada called on governments at all levels to respect and promote privacy and access to information rights and principles when embarking on information sharing initiatives.

  • Joint Resolution: Modernizing Access and Privacy Laws for the 21st Century

    In an October 2013 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged their governments to modernize access to information and privacy laws.

  • Joint Resolution: The Promise of Personal Health Records

    In a September 2009 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada called on Ministries of Health to keep Commissioners and the public informed of their progress toward developing and implementing personal health records.

  • Joint Resolution: Protect and Promote Canadians’ Access and Privacy Rights in the Era of Digital Government

    In an October 2014 joint resolution, Information and Privacy Ombudspersons and Commissioners from across Canada urged their respective governments to review and modernize their information management frameworks.

  • Joint Resolutions and Memorandum of Understanding

    The following page includes joint resolutions agreed upon by federal, provincial and territorial Information and Privacy Commissioners and Ombudspersons across Canada. The information is linked to the Office of the Privacy Commissioner of Canada's website. The page also includes a Memorandum of Understanding on privacy in the private sector between the Privacy Commissioner of Canada, and Information and Privacy Commissioners of Alberta and British Columbia.

  • Key Steps in Responding to Privacy Breaches

    This document outlines the four key steps in responding to privacy breaches for use by organizations, custodians or public bodies. The purpose is to provide guidance on how to manage a privacy breach. Updated in August 2018.

  • Managing Records When Transitioning from Work to Home

    The OIPC has received questions from organizations in all sectors about how to manage records or personal information when transitioning staff to work from home. To assist, the OIPC provided some points to consider. Published in April 2020.

  • Netcare Expedited PIA Process

    This document outlines the process the OIPC adopted on August 1, 2014 for accepting Privacy Impact Assessments for Alberta Netcare, the province's electronic health record. This followed the release of a new guide issued by Alberta Health in January 2014. Published in August 2014, contact information within the document was updated in July 2016.

  • Principles for Getting Information Sharing Right

    This document outlines six principles to consider when planning for an information sharing initiative. The principles are transparency, legal authority, privacy impact assessments, access and correction, accountability and oversight. It also provides links to related documents. Published in June 2017.

  • Privacy Breach Response and Reporting under HIA

    This PowerPoint presentation is to be used by health custodians or their regulatory colleges and associations to train staff or memberships on the breach reporting obligations under HIA and to provide general guidance on managing a privacy breach. Published in August 2018.

  • Privacy Impact Assessment Requirements

    This guide is meant to assist public bodies, health custodians and organizations in drafting PIAs for projects that hat have privacy risks. Please note that all mention of legislation in this guide refers to the Health Information Act as there is a legislated duty to prepare privacy impact assessments (section 64 of HIA). Published in 2010.

  • Privacy in a Pandemic

    This guidance is meant to help public bodies, health custodians and private sector organizations know how personal or health information may be shared during a pandemic or emergency situation. Privacy laws are not a barrier to appropriate information sharing in these circumstances. Updated in March 2020.

  • Privacy Laws in Alberta (Online Version)

    This brochure summarizes Alberta's privacy laws. Updated in March 2021.

  • Privacy Laws in Alberta (Print Version)

    This brochure summarizes Alberta's privacy laws. Feel free to print for various meetings or events, or contact our office and we will provide you with printed copies. Updated in March 2021.

  • Privilege Practice Note

    This practice note was developed for the OIPC's reviews and inquiries in which a respondent (public body, organization or custodian) to an access request has claimed solicitor-client privilege or litigation privilege. Published in December 2016.

  • Proposed Health Charter and Health Advocate Regulation

    On March 3, 2014, the Commissioner provided comments the proposed Health Charter and Health Advocate Regulation.

  • Response to the Final Report of the Select Special Health Information Act Review Committee

    In October 2004, the Commissioner provided a response to the final report by the Select Special Health Information Act Review Committee.

  • Review and Investigation Procedures

    The purpose of this document is to provide parties with a summary of the procedures under which reviews and investigations are conducted by the OIPC and the anticipated date for completion of the reviews and investigations.

  • Stakeholder Survey: Highlights Report

    The OIPC commissioned a survey to assess Albertans' awareness and understanding of privacy issues in general, and the Health Information Act in particular. Published in March 2003.

  • Stakeholder Survey: Report

    The OIPC commissioned a stakeholder survey to assess implementation of access and privacy programs, and access and privacy issues in general, of public bodies, health custodians and private sector organizations. Published in November 2012.

  • Submission to the Select Special Health Information Act Review Committee

    On August 5, 2004, the Commissioner submitted a review and recommendations regarding a review of the Health Information Act.