Information about laws on health information privacy

Français Site Map

 

Home

Manitoba Government

Statutory Publications

Manitoba Laws

Acts

Consolidated Acts

C.C.S.M. Acts

Municipal Acts

Private Acts

Unconsolidated Acts

Annual Chapters

Public General Acts (not in the C.C.S.M.)

Recent proclamations

Regulations

Consolidated Regulations

Unconsolidated Regulations (2000 to 2010)

Court Rules

Courts website

Queen's Bench

Queen's Bench Rules (criminal)

Queen's Bench Rules (civil)

Queen's Bench Forms (civil)

 

Court of Appeal

Court of Appeal Rules (criminal)

Court of Appeal Rules (civil)

 

 

 

Legislative Assembly

Assembly Home

Bills

Bills status

Search

Search in regulations

Search in Acts

This is an unofficial version.
This version is current as of April 14, 2010
and has been in effect since June 16, 2005.

Note: Earlier consolidated versions are not available online.

Search this Act
Information table

C.C.S.M. c. P33.5

The Personal Health Information Act

Table of Contents

Bilingual (PDF)

Regulations

(Assented to June 28, 1997)

WHEREAS health information is personal and sensitive and its
confidentiality must be protected so that individuals are not afraid
to seek health care or to disclose sensitive information to health
professionals;

AND WHEREAS individuals need access to their own health information as
a matter of fairness, to enable them to make informed decisions about
health care and to correct inaccurate or incomplete information about
themselves;

AND WHEREAS a consistent approach to personal health information is
necessary because many persons other than health professionals now
obtain, use and disclose personal health information in different
contexts and for different purposes;

AND WHEREAS clear and certain rules for the collection, use and
disclosure of personal health information are an essential support for
electronic health information systems that can improve both the
quality of patient care and the management of health care resources;

THEREFORE HER MAJESTY, by and with the advice and consent of the
Legislative Assembly of Manitoba, enacts as follows:

PART 1

INTRODUCTORY PROVISIONS

Definitions

1(1) In this Act,

"court", for the purpose of an appeal under section 49 or 50, means
the Court of Queen's Bench; (« tribunal »)

"enactment" means an Act or regulation; (« texte »)

"health" means the condition of being sound in mind, body and spirit;
(« santé »)

"health care" means any care, service or procedure

(a) provided to diagnose, treat or maintain an individual's health,

(b) provided to prevent disease or injury or promote health, or

(c) that affects the structure or a function of the body,

and includes the sale or dispensing of a drug, device, equipment or
other item pursuant to a prescription; (« soins de santé »)

"health care facility" means

(a) a hospital,

(b) a personal care home,

(c) a psychiatric facility,

(d) a medical clinic,

(e) a laboratory,

(f) CancerCare Manitoba, and

(g) a community health centre or other facility in which health care
is provided and that is designated in the regulations; («
établissement de soins de santé »)

"health professional" means a person who is licensed or registered to
provide health care under an Act of the Legislature or who is a member
of a class of persons designated as health professionals in the
regulations; (« professionnel de la santé »)

"health services agency" means an organization that provides health
care such as community or home-based health care pursuant to an
agreement with another trustee; (« organisme de services de santé »)

"information manager" means a person or body that

(a) processes, stores or destroys personal health information for a
trustee, or

(b) provides information management or information technology services
to a trustee; (« gestionnaire de l'information »)

"institutional research review committee" means a committee formally
established by a health care facility, university or similar body

(a) to review the efficacy and scientific and ethical value of a
research proposal involving human subjects or involving the review of
records containing personal health information, and

(b) to ensure that the person proposing the research has adequate
safeguards in place to protect the confidentiality of personal health
information; (« comité de révision de la recherche institutionnelle »)

"maintain", in relation to personal health information, means to have
custody or control of the information; (« maintenir »)

"minister" means the member of the Executive Council charged by the
Lieutenant Governor in Council with the administration of this Act; («
ministre »)

"Ombudsman" means the Ombudsman appointed under The Ombudsman Act; («
ombudsman »)

"personal health information" means recorded information about an
identifiable individual that relates to

(a) the individual's health, or health care history, including genetic
information about the individual,

(b) the provision of health care to the individual, or

(c) payment for health care provided to the individual,

and includes

(d) the PHIN and any other identifying number, symbol or particular
assigned to an individual, and

(e) any identifying information about the individual that is collected
in the course of, and is incidental to, the provision of health care
or payment for health care; (« renseignements médicaux personnels »)

"PHIN" means the personal health identification number assigned to an
individual by the minister to uniquely identify the individual for
health care purposes; (« NIMP »)

"public body" means a public body as defined in The Freedom of
Information and Protection of Privacy Act, and for the purpose of this
definition, the definitions of "department", "educational body",
"government agency", ''health care body", "local government body" and
"local public body" in that Act apply; (« organisme public »)

"record" or "recorded information" means a record of information in
any form, and includes information that is written, photographed,
recorded or stored in any manner, on any storage medium or by any
means, including by graphic, electronic or mechanical means, but does
not include electronic software or any mechanism that produces
records; (« document » ou « renseignement enregistré »)

"representative", in relation to an individual, means a person
referred to in section 60; (« représentant »)

"trustee" means a health professional, health care facility, public
body, or health services agency that collects or maintains personal
health information. (« dépositaire »)

Reference to "Act" includes regulations

1(2) A reference to "this Act" includes the regulations made under
this Act.

S.M. 2001, c. 18, s. 18; S.M. 2004, c. 36, s. 2.

Purposes of this Act

The purposes of this Act are

(a) to provide individuals with a right to examine and receive a copy
of personal health information about themselves maintained by a
trustee, subject to the limited and specific exceptions set out in
this Act;

(b) to provide individuals with a right to request corrections to
personal health information about themselves maintained by a trustee;

(c) to control the manner in which trustees may collect personal
health information;

(d) to protect individuals against the unauthorized use, disclosure or
destruction of personal health information by trustees;

(e) to control the collection, use and disclosure of an individual's
PHIN; and

(f) to provide for an independent review of the decisions of trustees
under this Act.

Application of this Act

This Act does not apply to anonymous or statistical health information that does not, either by itself or when combined with other information available to the holder, permit individuals to be identified.

Relationship to other Acts

4(1) A trustee shall refuse to permit personal health information to
be examined or copied under Part 2 of this Act to the extent that
disclosure of the information is prohibited or restricted by another
enactment of Manitoba.

Conflict with another Act

4(2) If a provision of Part 3 of this Act is inconsistent or in
conflict with a provision of another enactment, the provision of this
Act prevails unless the other enactment more completely protects the
confidentiality of personal health information.

Mental Health Act prevails

4(3) For greater certainty, the provisions of The Mental Health Act
prevail over this Act.

PART 2

ACCESS TO PERSONAL HEALTH INFORMATION

RIGHT TO EXAMINE AND COPY PERSONAL HEALTH INFORMATION

Right to examine and copy information

5(1) Subject to this Act, an individual has a right, on request, to
examine and receive a copy of his or her personal health information
maintained by a trustee.

How to make a request

5(2) A request must be made to the trustee who the individual believes
maintains the personal health information.

Trustee may require written request

5(3) A trustee may require a request to be in writing.

Trustee must respond promptly

6(1) A trustee shall respond to a request as promptly as required in
the circumstances but no later than 30 days after receiving it, unless
the request is transferred to another trustee under section 8.

Duty to assist an individual

6(2) A trustee shall make every reasonable effort to assist an
individual making a request and to respond without delay, openly,
accurately and completely.

Failure to respond

6(3) The failure of a trustee to respond to a request within the
30-day period is to be treated as a decision to refuse to permit the
personal health information to be examined or copied.

Trustee's response

7(1) In responding to a request, a trustee shall do one of the
following:

(a) make the personal health information available for examination and
provide a copy, if requested, to the individual;

(b) inform the individual in writing if the information does not exist
or cannot be found; or

(c) inform the individual in writing that the request is refused, in
whole or in part, for a specified reason described in section 11, and
advise the individual of the right to make a complaint about the
refusal under Part 5.

Duty to provide an explanation

7(2) On request, a trustee shall provide an explanation of any term,
code or abbreviation used in the personal health information.

Information in electronic form

7(3) When a request is made for personal health information that a
trustee maintains in electronic form, the trustee shall produce a
record of the information for the individual in a form usable by the
individual, if it can be produced using the trustee's normal computer
hardware and software and technical expertise.

Transferring a request to another trustee

8(1) Within seven days after receiving a request, a trustee may
transfer it to another trustee if

(a) the personal health information is maintained by the other
trustee; or

(b) the other trustee was the first to collect the personal health
information.

Response within 30 days after transfer

8(2) A trustee who transfers a request under subsection (1) shall
notify the individual of the transfer as soon as possible, and the
trustee to whom the request is transferred shall respond to it as
promptly as required in the circumstances but no later than 30 days
after receiving it.

Trustee must take precautions about release

A trustee

(a) shall not permit personal health information to be examined or
copied without being satisfied as to the identity of the individual
making the request; and

(b) shall take reasonable steps to ensure that any personal health
information intended for an individual is received only by that
individual.

Fees

10 A trustee may charge a reasonable fee for permitting examination of
personal health information and providing a copy, but the fee must not
exceed the amount provided for in the regulations.

REASONS FOR REFUSING ACCESS

Reasons for refusing access

11(1) A trustee is not required to permit an individual to examine or
copy his or her personal health information under this Part if

(a) knowledge of the information could reasonably be expected to
endanger the health or safety of the individual or another person;

(b) disclosure of the information would reveal personal health
information about another person who has not consented to the
disclosure;

(c) disclosure of the information could reasonably be expected to
identify a third party, other than another trustee, who supplied the
information in confidence under circumstances in which confidentiality
was reasonably expected;

(d) the information was compiled and is used solely

(i) for the purpose of peer review by health professionals,

(ii) for the purpose of review by a standards committee established to
study or evaluate health care practice in a health care facility or
health services agency,

(iii) for the purpose of a body with statutory responsibility for the
discipline of health professionals or for the quality or standards of
professional services provided by health professionals, or

(iv) for the purpose of risk management assessment; or

(e) the information was compiled principally in anticipation of, or
for use in, a civil, criminal or quasi-judicial proceeding.

Severance of information

11(2) A trustee who refuses to permit personal health information to
be examined or copied under subsection (1) shall, to the extent
possible, sever the personal health information that cannot be
examined or copied and permit the individual to examine and receive a
copy of the remainder of the information.

S.M. 2004, c. 36, s. 3.

CORRECTION OF HEALTH INFORMATION

Right to request a correction

12(1) For purposes of accuracy or completeness, an individual may
request a trustee to correct any personal health information that the
individual may examine and copy under this Part.

Written request

12(2) A request must be in writing.

Trustee's response

12(3) As promptly as required in the circumstances but no later than
30 days after receiving a request, the trustee shall do one of the
following:

(a) make the requested correction by adding the correcting information
to the record of the personal health information in such a manner that
it will be read with and form part of the record or be adequately
cross-referenced to it;

(b) inform the individual if the personal health information no longer
exists or cannot be found;

(c) if the trustee does not maintain the personal health information,
so inform the individual and provide him or her with the name and
address, if known, of the trustee who maintains it; or

(d) inform the individual in writing of the trustee's refusal to
correct the record as requested, the reason for the refusal, and the
individual's right to add a statement of disagreement to the record
and to make a complaint about the refusal under Part 5.

When a trustee refuses to make a correction

12(4) A trustee who refuses to make a correction that is requested
under this section shall

(a) permit the individual to file a concise statement of disagreement
stating the correction requested and the reason for the correction;
and

(b) add the statement of disagreement to the record in such a manner
that it will be read with and form part of the record or be adequately
cross-referenced to it.

Notifying others of a correction or statement of disagreement

12(5) When a trustee makes a correction or adds a statement of
disagreement under this section, the trustee shall, when practicable,
notify any other trustee or person to whom the personal health
information has been disclosed during the year before the correction
was requested about the correction or statement of disagreement. A
trustee who receives such a notice shall make the correction or add
the statement of disagreement to any record of that personal health
information that the trustee maintains.

No fee

12(6) A trustee shall not charge a fee in connection with a request
for a correction made under this section.

PART 3

PROTECTION OF PRIVACY

DIVISION 1

RESTRICTIONS ON COLLECTION AND RETENTION OF INFORMATION

COLLECTION OF INFORMATION

Restrictions on collection

13(1) A trustee shall not collect personal health information about an
individual unless

(a) the information is collected for a lawful purpose connected with a
function or activity of the trustee; and

(b) the collection of the information is necessary for that purpose.

Limit on amount of information collected

13(2) A trustee shall collect only as much personal health information
about an individual as is reasonably necessary to accomplish the
purpose for which it is collected.

Source of information

14(1) Whenever possible, a trustee shall collect personal health
information directly from the individual the information is about.

Exceptions

14(2) Subsection (1) does not apply if

(a) the individual has authorized another method of collection;

(b) collection of the information directly from the individual could
reasonably be expected to endanger the health or safety of the
individual or another person;

(c) collection of the information is in the interest of the individual
and time or circumstances do not permit collection directly from the
individual;

(d) collection of the information directly from the individual could
reasonably be expected to result in inaccurate information being
collected; or

(e) another method of collection is authorized or required by a court
order or an enactment of Manitoba or Canada.

S.M. 2004, c. 36, s. 3.

Notice of collection practices

15(1) A trustee who collects personal health information directly from
the individual the information is about shall, before it is collected
or as soon as practicable afterwards, take reasonable steps to inform
the individual

(a) of the purpose for which the information is being collected; and

(b) if the trustee is not a health professional, how to contact an
officer or employee of the trustee who can answer the individual's
questions about the collection.

Exception if information already provided

15(2) A trustee need not comply with subsection (1) if the trustee has
recently provided the individual with the information referred to in
that subsection about the collection of the same or similar personal
health information for the same or a related purpose.

ACCURACY OF INFORMATION

Duty to ensure accuracy of information

16 Before using or disclosing personal health information, a trustee
shall take reasonable steps to ensure that the information is
accurate, up to date, complete and not misleading.

RETENTION AND DESTRUCTION OF INFORMATION

Retention and destruction policy

17(1) A trustee shall establish a written policy concerning the
retention and destruction of personal health information and shall
comply with that policy.

Compliance with regulations

17(2) A policy under subsection (1) must conform with any requirements
of the regulations.

Method of destruction must protect privacy

17(3) In accordance with any requirements of the regulations, a
trustee shall ensure that personal health information is destroyed in
a manner that protects the privacy of the individual the information
is about.

Record of destruction

17(4) A trustee who destroys personal health information shall keep a
record of

(a) the individual whose personal health information is destroyed and
the time period to which the information relates; and

(b) the method of destruction and the person responsible for
supervising the destruction.

Application of this section

17(5) This section does not override or modify any requirement in an
enactment of Manitoba or Canada concerning the retention or
destruction of records maintained by public bodies.

DIVISION 2

SECURITY SAFEGUARDS

Duty to adopt security safeguards

18(1) In accordance with any requirements of the regulations, a
trustee shall protect personal health information by adopting
reasonable administrative, technical and physical safeguards that
ensure the confidentiality, security, accuracy and integrity of the
information.

Specific safeguards

18(2) Without limiting subsection (1), a trustee shall

(a) implement controls that limit the persons who may use personal
health information maintained by the trustee to those specifically
authorized by the trustee to do so;

(b) implement controls to ensure that personal health information
maintained by the trustee cannot be used unless

(i) the identity of the person seeking to use the information is
verified as a person the trustee has authorized to use it, and

(ii) the proposed use is verified as being authorized under this Act;

(c) if the trustee uses electronic means to request disclosure of
personal health information or to respond to requests for disclosure,
implement procedures to prevent the interception of the information by
unauthorized persons; and

(d) when responding to requests for disclosure of personal health
information, ensure that the request contains sufficient detail to
uniquely identify the individual the information is about.

Additional safeguards for information in electronic form

18(3) A trustee who maintains personal health information in
electronic form shall implement any additional safeguards for such
information required by the regulations.

Safeguards for sensitive information

19 In determining the reasonableness of security safeguards required
under section 18, a trustee shall take into account the degree of
sensitivity of the personal health information to be protected.

DIVISION 3

RESTRICTIONS ON USE AND DISCLOSURE OF INFORMATION

GENERAL DUTIES OF TRUSTEES

General duty of trustees re use and disclosure

20(1) A trustee shall not use or disclose personal health information
except as authorized under this Division.

Limit on amount of information used or disclosed

20(2) Every use and disclosure by a trustee of personal health
information must be limited to the minimum amount of information
necessary to accomplish the purpose for which it is used or disclosed.

Limit on the trustee's employees

20(3) A trustee shall limit the use and disclosure of personal health
information it maintains to those of its employees and agents who need
to know the information to carry out the purpose for which the
information was collected or received or to carry out a purpose
authorized under section 21.

RESTRICTIONS ON USE OF INFORMATION

Restrictions on use of information

21 A trustee may use personal health information only for the purpose
for which it was collected or received, and shall not use it for any
other purpose, unless

(a) the other purpose is directly related to the purpose for which the
personal health information was collected or received;

(b) the individual the personal health information is about has
consented to the use;

(c) use of the information is necessary to prevent or lessen a serious
and immediate threat to

(i) the health or safety of the individual the information is about or
another individual, or

(ii) public health or public safety;

(d) the trustee is a public body or a health care facility and the
personal health information is used

(i) to deliver, monitor or evaluate a program that relates to the
provision of health care or payment for health care by the trustee, or

(ii) for research and planning that relates to the provision of health
care or payment for health care by the trustee;

(e) the purpose is one for which the information may be disclosed to
the trustee under section 22; or

(f) use of the information is authorized by an enactment of Manitoba
or Canada.

S.M. 2004, c. 36, s. 3.

RESTRICTIONS ON DISCLOSURE OF INFORMATION

Individual's consent to disclosure

22(1) Except as permitted by subsection (2), a trustee may disclose
personal health information only if

(a) the disclosure is to the individual the personal health
information is about or his or her representative; or

(b) the individual the information is about has consented to the
disclosure.

Disclosure without individual's consent

22(2) A trustee may disclose personal health information without the
consent of the individual the information is about if the disclosure
is

(a) to a person who is providing or has provided health care to the
individual, to the extent necessary to provide health care to the
individual, unless the individual has instructed the trustee not to
make the disclosure;

(b) to any person if the trustee reasonably believes that the
disclosure is necessary to prevent or lessen a serious and immediate
threat to

(i) the health or safety of the individual the information is about or
another individual, or

(ii) public health or public safety;

(c) for the purpose of

(i) contacting a relative or friend of an individual who is injured,
incapacitated or ill,

(ii) assisting in identifying a deceased individual, or

(iii) informing the representative or a relative of a deceased
individual, or any other person it is reasonable to inform in the
circumstances, of the individual's death;

(d) to a relative of a deceased individual if the trustee reasonably
believes that disclosure is not an unreasonable invasion of the
deceased's privacy;

(e) required for

(i) the purpose of peer review by health professionals,

(ii) the purpose of review by a standards committee established to
study or evaluate health care practice in a health care facility or
health services agency,

(iii) the purpose of a body with statutory responsibility for the
discipline of health professionals or for the quality or standards of
professional services provided by health professionals, or

(iv) the purpose of risk management assessment;

(f) in accordance with section 23(disclosure to patient's family), 24
(disclosure for health research) or 25 (disclosure to an information
manager);

(g) for the purpose of

(i) delivering, evaluating or monitoring a program of the trustee that
relates to the provision of health care or payment for health care, or

(ii) for research and planning that relates to the provision of health
care or payment for health care by the trustee;

(h) to a computerized health information network and database,
established by the government or another trustee that is a public body
specified in the regulations, in which personal health information is
recorded for the purpose of facilitating

(i) the delivery, evaluation or monitoring of a program that relates
to the provision of health care or payment for health care, or

(ii) research and planning that relates to the provision of health
care or payment for health care;

(i) to the government, another public body, or the government of
another jurisdiction or an agency of such a government, to the extent
necessary to obtain payment for health care provided to the individual
the personal health information is about;

(j) to a person who requires the personal health information to carry
out an audit for or provide legal services to a trustee, if the
trustee reasonably believes that the person will not use or disclose
the personal health information for any other purpose and will take
appropriate steps to protect it;

(k) required in anticipation of or for use in a civil or
quasi-judicial proceeding to which the trustee is a party, or the
prosecution of an offence;

(l) required to comply with a subpoena, warrant or order issued or
made by a court, person or body with jurisdiction to compel the
production of the personal health information, or with a rule of court
concerning the production of the personal health information;

(m) for the purpose of

(i) an investigation under or the enforcement of an enactment of
Manitoba respecting payment for health care, or

(ii) an investigation or enforcement respecting a fraud relating to
payment for health care;

(n) for the purpose of complying with an arrangement or agreement
entered into under an enactment of Manitoba or Canada; or

(o) authorized or required by an enactment of Manitoba or Canada.

Limit on disclosure

22(3) A trustee may disclose information under subsection (2) only to
the extent the recipient needs to know the information.

S.M. 2004, c. 36, s. 3.

Disclosure to family about patient's health care

23(1) If an individual is a patient or resident in a health care
facility, the trustee may disclose personal health information about
the individual to an immediate family member, or to anyone else with
whom the individual is known to have a close personal relationship, if

(a) the disclosure is about health care currently being provided;

(b) the disclosure is made in accordance with good medical or other
professional practice; and

(c) the trustee reasonably believes the disclosure to be acceptable to
the individual or his or her representative.

Disclosure about patient's condition

23(2) As long as disclosure is not contrary to the express request of
the individual or his or her representative, a trustee may disclose to
any person the following information about an individual who is a
patient or resident of a health care facility:

(a) the individual's name;

(b) the individual's general health status, described as critical,
poor, fair, stable or satisfactory, or in terms indicating similar
conditions;

(c) the individual's location, unless disclosure of the location would
reveal specific information about the health of the individual.

No disclosure if possible harm

23(3) A trustee shall not disclose personal health information under
this section if the trustee has reason to believe that the disclosure
might lead to harm to the individual the personal health information
is about.

S.M. 2004, c. 36, s. 4.

HEALTH RESEARCH

Approval for health research

24(1) A trustee may disclose personal health information to a person
conducting a health research project only if the project has been
approved under this section.

Who may give an approval

24(2) An approval may be given by

(a) the health information privacy committee established under section
59, if the personal health information is maintained by the government
or a government agency; and

(b) an institutional research review committee, if the personal health
information is maintained by a trustee other than the government or a
government agency.

Conditions for approval

24(3) An approval may be given under this section only if the health
information privacy committee or the institutional research review
committee, as the case may be, has determined that

(a) the research is of sufficient importance to outweigh the intrusion
into privacy that would result from the disclosure of personal health
information;

(b) the research purpose cannot reasonably be accomplished unless the
personal health information is provided in a form that identifies or
may identify individuals;

(c) it is unreasonable or impractical for the person proposing the
research to obtain consent from the individuals the personal health
information is about; and

(d) the research project contains

(i) reasonable safeguards to protect the confidentiality and security
of the personal health information, and

(ii) procedures to destroy the information or remove all identifying
information at the earliest opportunity consistent with the purposes
of the project.

Agreement required

24(4) An approval under this section is conditional on the person
proposing the research project entering into an agreement with the
trustee, in accordance with the regulations, in which the person
agrees

(a) not to publish the personal health information requested in a form
that could reasonably be expected to identify the individuals
concerned;

(b) to use the personal health information requested solely for the
purposes of the approved research project; and

(c) to ensure that the research project complies with the safeguards
and procedures described in clause (3)(d).

Limitation for projects requiring direct contact with individuals

24(5) If a research project will require direct contact with
individuals, a trustee shall not disclose personal health information
about those individuals under this section without first obtaining
their consent. However, the trustee need not obtain their consent if
the information consists only of the individuals' names and addresses.

DIVISION 4

MISCELLANEOUS REQUIREMENTS

INFORMATION MANAGERS

Trustee may provide information to an information manager

25(1) A trustee may provide personal health information to an
information manager for the purpose of processing, storing or
destroying it or providing the trustee with information management or
information technology services.

Restrictions on use

25(2) An information manager may use personal health information
provided to it under this section only for the purposes and activities
mentioned in subsection (1), which must be purposes and activities
that the trustee itself may undertake.

Agreement required

25(3) A trustee who wishes to provide personal health information to
an information manager under this section must enter into a written
agreement with the information manager that provides for the
protection of the personal health information against such risks as
unauthorized access, use, disclosure, destruction or alteration, in
accordance with the regulations.

Information manager must comply with Act

25(4) An information manager shall comply with

(a) the same requirements concerning the protection, retention and
destruction of personal health information that the trustee is
required to comply with under this Act; and

(b) the duties imposed on the information manager under the agreement
entered into under subsection (3).

Information deemed to be maintained by the trustee

25(5) Personal health information that has been provided to an
information manager under an agreement described in subsection (3) is
deemed to be maintained by the trustee for the purposes of this Act.

PHIN

Production and use of PHIN

26(1) No person other than a trustee may require the production of
another person's PHIN or collect or use another person's PHIN.

Exceptions

26(2) Despite subsection (1), a person may collect or use another
person's PHIN

(a) for purposes related to the provision of publicly funded health
care to the other person;

(b) for purposes of a health research project approved under section
24; or

(c) in circumstances permitted by the regulations.

PROHIBITION ON SALE OF INFORMATION

Prohibition on sale of personal health information

27(1) No trustee shall sell or otherwise dispose of or disclose for
consideration personal health information unless

(a) it is essential to facilitate the sale or disposition of the
practice of a health professional or the business of a health care
facility or health services agency as a going concern; and

(b) subject to subsection (2), the sale or disposition is to another
trustee.

Exception for pharmacies

27(2) Clause(1)(b) does not apply to a change in ownership of a
pharmacy in compliance with The Pharmaceutical Act.

PART 4

POWERS AND DUTIES OF THE OMBUDSMAN

General powers and duties

28 In addition to the Ombudsman's powers and duties under Part 5
respecting complaints, the Ombudsman may

(a) conduct investigations and audits and make recommendations to
monitor and ensure compliance with this Act;

(b) inform the public about this Act;

(c) receive comments from the public about matters concerning the
confidentiality of personal health information or access to that
information;

(d) comment on the implications for access to or confidentiality of
personal health information of proposed legislative schemes or
programs or practices of trustees;

(e) comment on the implications for the confidentiality of personal
health information of

(i) using or disclosing personal health information for record
linkage, or

(ii) using information technology in the collection, storage, use or
transfer of personal health information;

(f) consult with any person with experience or expertise in any matter
related to the purposes of this Act; and

(g) engage in or commission research into any matter related to the
purposes of this Act.

Evidence Act powers

29(1) The Ombudsman has all the powers and protections of a
commissioner under Part V of The Manitoba Evidence Act when conducting
an investigation under this Act.

Production of records

29(2) The Ombudsman may require any record maintained by a trustee
that the Ombudsman considers relevant to an investigation to be
produced to the Ombudsman and may examine any information in a record,
including personal health information.

Records produced within 14 days

29(3) A trustee shall produce to the Ombudsman within 14 days any
record or a copy of a record required to be produced under this
section.

Examination of record on site

29(4) If a trustee is required to produce a record under this section
and it is not practicable to make a copy of it, the trustee may
require the Ombudsman to examine the original at its site.

Production required despite other laws

29(5) No person who is required by the Ombudsman to give information
or evidence or to produce a record may refuse to do so on the basis of

(a) an enactment that requires or permits a person to refuse to
disclose information; or

(b) any privilege of the law of evidence.

Right of entry

30 Despite any other enactment or any privilege of the law of
evidence, in exercising powers or performing duties under this Act,
the Ombudsman has the right,

(a) during regular business hours, to enter any premises of a trustee
in which the Ombudsman believes on reasonable grounds there are
records relevant to an investigation and examine and make copies of
them; and

(b) to converse in private with any officer, employee or agent of the
trustee.

Investigation in private

31 The Ombudsman shall conduct every investigation in private.

Statements and reports not admissible in evidence

32(1) Any statement or report made or opinion given by a person during
an investigation by the Ombudsman, and any report or recommendation of
the Ombudsman, is inadmissible as evidence in a court or in any other
proceeding, except

(a) in a prosecution for perjury in respect of sworn testimony;

(b) in a prosecution for an offence under this Act; or

(c) in an appeal to the court under this Act, when the Ombudsman is a
party.

Not compellable as witness

32(2) The Ombudsman, and anyone acting for or under the direction of
the Ombudsman, shall not be required to give evidence in a court or in
any other proceeding about information that comes to the knowledge of
the Ombudsman in performing duties or exercising powers under this
Act.

Information provided under qualified privilege

33 Anything said, any information supplied, and any record produced by
a person during an investigation by the Ombudsman under this Act is
privileged in the same manner as if it were said, supplied or produced
in a proceeding in a court.

Ombudsman restricted as to disclosure of information

34(1) The Ombudsman, and anyone acting for or under the direction of
the Ombudsman, shall not disclose information obtained in performing
duties or exercising powers under this Act, except as provided in
subsections (2) to (4).

When disclosure permitted

34(2) The Ombudsman may disclose, or may authorize anyone acting for
or under the direction of the Ombudsman to disclose, information that
is necessary to

(a) perform a duty or exercise a power of the Ombudsman under this
Act; or

(b) establish the grounds for findings and recommendations contained
in a report under this Act.

However, the Ombudsman, and anyone acting for or under the direction
of the Ombudsman, shall not disclose personal health information that
a trustee is authorized to refuse to disclose in response to a request
made under Part 2.

Information about offences

34(3) The Ombudsman may disclose to the Minister of Justice and
Attorney General information relating to the commission of an offence
under this or any other enactment of Manitoba or Canada if the
Ombudsman considers there is reason to believe an offence has been
committed, except that personal health information must not be
disclosed without the consent of the individual the information is
about.

Information relating to a prosecution or appeal

34(4) The Ombudsman may disclose, or may authorize anyone acting for
or under the direction of the Ombudsman to disclose, information in
the course of a prosecution or an appeal referred to in subsection
32(1), except that personal health information must not be disclosed
without the consent of the individual the information is about.

Delegation

35 The Ombudsman may delegate to any person on his or her staff any
duty or power under this Act.

Protection from liability

36 No proceedings lie against the Ombudsman, or against any person
acting for or under the direction of the Ombudsman, for anything done,
reported or said in good faith in the exercise or performance or the
intended exercise or performance of a duty or power under this Act.

Annual report

37(1) The Ombudsman shall make an annual report to the Legislative
Assembly on the work of the Ombudsman's office in relation to this
Act, including the following:

(a) the kinds of complaints received and investigations conducted
under Part 5;

(b) the Ombudsman's recommendations and whether trustees have complied
with the recommendations; and

(c) any other matters about access to and confidentiality of personal
health information that the Ombudsman considers appropriate.

Report to be laid before Legislative Assembly

37(2) The report shall be given to the Speaker who shall lay it before
the Legislative Assembly if it is in session and if it is not in
session, then within 15 days after the beginning of the next session.

Special report

37(3) In the public interest, the Ombudsman may publish a special
report relating to any matter within the scope of the powers and
duties of the Ombudsman under this Act, including a report referring
to and commenting on any particular matter investigated by the
Ombudsman.

PART 5

COMPLAINTS

Definitions

38 In this Part,

"complaint about access" means a complaint made under subsection
39(1); (« plainte concernant l'accès »)

"complaint about privacy" means a complaint made under subsection
39(2). (« plainte concernant la confidentialité »)

MAKING A COMPLAINT

Right to make a complaint about access

39(1) An individual who has made a request to examine or receive a
copy of his or her personal health information in accordance with Part
2 may make a complaint to the Ombudsman about any decision, act or
failure to act of the trustee that relates to the request, including
but not limited to the following:

(a) a refusal by the trustee to permit the individual to examine or
receive a copy of the information;

(b) a refusal by the trustee to correct personal health information;

(c) an unreasonable delay by the trustee in responding to the request;

(d) an unreasonable or unauthorized fee charged by the trustee.

Right to make a complaint about privacy

39(2) An individual may make a complaint to the Ombudsman alleging
that a trustee

(a) has collected, used or disclosed his or her personal health
information contrary to this Act; or

(b) has failed to protect his or her personal health information in a
secure manner as required by this Act.

Complaint in writing

39(3) A complaint must be in writing in a form acceptable to the
Ombudsman.

Ombudsman may initiate a complaint

39(4) The Ombudsman may initiate a complaint respecting any matter
about which the Ombudsman is satisfied there are reasonable grounds to
investigate under this Act.

INVESTIGATION

Investigation

40(1) Subject to section 41, on receiving a complaint the Ombudsman
shall investigate it.

Informal resolution

40(2) The Ombudsman may take any steps the Ombudsman considers
appropriate to resolve a complaint informally to the satisfaction of
the parties and in a manner consistent with the purposes of this Act.

Decision to not deal with a complaint

41(1) The Ombudsman may decide not to investigate a complaint if the
Ombudsman is of the opinion that

(a) the length of time that has elapsed since the date the subject
matter of the complaint arose makes an investigation no longer
practicable or desirable;

(b) the subject matter of the complaint is trivial or the complaint is
not made in good faith or is frivolous or vexatious; or

(c) the circumstances of the complaint do not require investigation.

Ombudsman may defer complaint about access

41(2) The Ombudsman may decide not to investigate a complaint about
access or may defer investigating it if

(a) the complaint concerns a health care facility or health services
agency and there is an internal appeal procedure that the complainant
has not used; or

(b) the complaint concerns a health professional and there is an
expeditious and informal procedure for addressing such complaints
available through a body that has statutory responsibility for
regulating the practice of the health professional, which the
complainant has not used.

Notifying the complainant

41(3) The Ombudsman shall inform the complainant in writing if he or
she decides not to investigate a complaint or defers investigating it,
and give reasons for the decision.

Notifying trustee and others of complaint

42 As soon as practicable after deciding to investigate a complaint,
the Ombudsman shall notify the following persons about the complaint:

(a) the trustee concerned; and

(b) any other person who the Ombudsman considers should be notified,
having regard to the nature of the complaint and the need to protect
the complainant's privacy.

Representations to the Ombudsman

43(1) During an investigation, the Ombudsman shall give the
complainant and the trustee concerned an opportunity to make
representations to the Ombudsman. The Ombudsman may also give any
other person who has been notified of the complaint under clause 42(b)
an opportunity to make representations. However, no one is entitled to
be present during an investigation or to have access to or to comment
on representations made to the Ombudsman by another person.

Written or oral representations

43(2) The Ombudsman may decide whether representations are to be made
orally or in writing.

Representations by counsel

43(3) Representations may be made to the Ombudsman through counsel or
an agent.

Obtaining opinion of physician or other expert

44 If a complaint about access relates to a trustee's refusal to
permit personal health information to be examined or copied under
clause 11(1)(a) (endangering health or safety), the Ombudsman may
arrange for a physician or other expert chosen by the Ombudsman to
provide an opinion on the matter.

Duty to cooperate

45 A trustee and every officer, employee and agent of a trustee shall
cooperate with the Ombudsman in an investigation.

Time limit for investigation

46 An investigation must be completed and a report made under section
47 within 45 days after the complaint is made if it is about access,
and within 90 days if it is about privacy, unless the Ombudsman

(a) notifies the complainant, the trustee and any other person who has
made representations to the Ombudsman that the Ombudsman is extending
that period; and

(b) gives an anticipated date for providing the report.

OMBUDSMAN'S REPORT

Report

47(1) On completing an investigation, the Ombudsman shall prepare a
report containing the Ombudsman's findings and any recommendations the
Ombudsman considers appropriate about the complaint.

Recommendations about access

47(2) In a report concerning a complaint about access, the Ombudsman

(a) shall indicate whether, in his or her opinion, the refusal is
justified in whole or in part and, if not, shall recommend that the
trustee permit the complainant to examine and receive a copy of all or
part of the personal health information, as the case may require; and

(b) may recommend that the trustee modify or improve its procedures or
practices concerning requests for access.

Recommendations about privacy

47(3) In a report concerning a complaint about privacy, the Ombudsman

(a) shall indicate whether, in his or her opinion, the complaint is
well founded; and

(b) may, as long as the trustee has been given an opportunity to make
representations about the matter, recommend that the trustee

(i) cease or modify a specified practice of collecting, using,
disclosing, retaining or destroying personal health information
contrary to this Act, or

(ii) destroy a collection of personal health information that was
collected in a manner contrary to this Act.

Report given to complainant and others

48(1) The Ombudsman

(a) shall give a copy of the report to the complainant and the trustee
concerned; and

(b) may give a copy of the report to any other person who has been
notified of the complaint under clause 42(b) and who has made
representations to the Ombudsman.

Forwarding report to professional regulatory body

48(2) Unless the complainant objects, if the Ombudsman is of the
opinion that the subject matter of a complaint should be considered by
a body with statutory authority to regulate health professionals, the
Ombudsman may notify that body and give it a copy of the report.

Notice of right to appeal

48(3) If the Ombudsman finds that a complaint about access that
relates to a refusal to permit the complainant to examine or receive a
copy of personal health information is unjustified, the report must
advise the complainant of the right to appeal the decision to the
court under section 49, and of the time limit for an appeal.

Trustee's response to the report

48(4) If the report contains recommendations, the trustee shall,
within 14 days after receiving it, send the Ombudsman a written
response indicating

(a) that the trustee accepts the recommendations and describing any
action the trustee has taken or proposes to take to implement them; or

(b) the reasons why the trustee refuses to take action to implement
the recommendations.

Notice to the complainant

48(5) The Ombudsman shall notify the complainant of the trustee's
response without delay. In the case of a complaint about access
relating to a trustee's refusal to permit the complainant to examine
or receive a copy of personal health information, the Ombudsman shall
also inform the complainant that he or she may appeal the trustee's
decision to the court under section 49 and of the time limit for an
appeal.

Compliance with recommendations

48(6) When a trustee accepts the recommendations in a report, the
trustee shall comply with the recommendations within 15 days of
acceptance, or within such additional period as the Ombudsman
considers reasonable.

APPEAL TO COURT

Appeal to court for access to record

49(1) If a trustee has refused to permit an individual to examine or
receive a copy of personal health information following a request made
in accordance with Part 2, the individual may appeal the decision to
the court.

Appeal only if complaint has been made

49(2) An appeal may be made under subsection (1) only if the person
has made a complaint about access to the Ombudsman and the Ombudsman
has provided a report under section 48.

Appeal within 30 days

49(3) An appeal may be made by filing an application with the court
within 30 days after the person receives the Ombudsman's report under
subsection 48(1) or a notice under subsection 48(5), or within such
longer period as the court may allow in special circumstances.

Trustee to be named as respondent

49(4) The application must name the trustee involved in the complaint
as the respondent.

Appeal served on trustee and Ombudsman

49(5) The person appealing shall, within 15 days after filing the
application, serve a copy of it on

(a) the trustee concerned; and

(b) the Ombudsman.

Appeal by the Ombudsman

50(1) The Ombudsman may appeal a decision described in subsection
49(1) to the court within the time limit set by subsection 49(3), if
the Ombudsman has obtained the consent of the person who has the right
of appeal.

Ombudsman may intervene

50(2) The Ombudsman has a right to intervene as a party to an appeal
under section 49.

Appeal served on trustee

50(3) Within 15 days after filing an application for appeal, the
Ombudsman shall serve a copy of it on the trustee concerned.

Expeditious appeal

51 The court may hear evidence by affidavit and may decide the appeal
in an expeditious manner.

Burden of proof

52 On an appeal, it is up to the trustee to prove that the refusal to
permit the applicant to examine and receive a copy of his or her
personal health information is justified.

Court may order production of records

53 Despite any other enactment of Manitoba or any privilege of the law
of evidence, for the purpose of an appeal, the court may order
production of any record maintained by a trustee that is relevant to
the appeal for examination by the court.

Court to take precautions against disclosing

54 On an appeal, the court shall take every reasonable precaution,
including receiving representations ex parte, conducting hearings in
private and examining records in private, to avoid disclosure of
personal health information.

Powers of court on appeal

55 On hearing an appeal, the court may

(a) dismiss the appeal if it determines that the trustee was justified
in refusing to permit the applicant to examine or receive a copy of
his or her personal health information under section 11; or

(b) if it determines that the trustee was not justified in refusing to
permit the applicant to examine or copy all or part of his or her
personal health information under section 11,

(i) order the trustee to permit the applicant to examine and copy all
or part of the information, and

(ii) make any other order that the court considers appropriate.

No further appeal except with leave

56 Except with leave of The Court of Appeal, a decision of the court
under section 55 is final and binding and there is no appeal from it.

PART 6

GENERAL PROVISIONS

Privacy officer for facility and agency

57 A health care facility and a health services agency shall designate
one or more of its employees as a privacy officer whose
responsibilities include

(a) dealing with requests from individuals who wish to examine and
copy or to correct personal health information under this Act; and

(b) generally facilitating the trustee's compliance with this Act.

Role for head of public body

58(1) Where a trustee is a public body, any decision to be made or
opinion formed under this Act by the trustee may be made or formed by
the head of the public body as defined in The Freedom of Information
and Protection of Privacy Act.

Delegation by head of public body

58(2) The head of a public body may delegate to any person on the
staff of the public body any responsibility referred to in subsection
(1).

Health information privacy committee

59(1) For the purpose of approving health research projects under
section 24, the minister shall establish a health information privacy
committee in accordance with the regulations.

Public representation

59(2) At least 1/4 of the persons appointed to the health information
privacy committee must be public representatives who are not health
professionals or persons who conduct health research or employees of
the government.

Responsibilities

59(3) In addition to its responsibilities under section 24, the health
information privacy committee may perform any other functions assigned
to it by the minister.

Exercising rights of another person

60 The rights of an individual under this Act may be exercised

(a) by any person with written authorization from the individual to
act on the individual's behalf;

(b) by a proxy appointed by the individual under The Health Care
Directives Act;

(c) by a committee appointed for the individual under The Mental
Health Act if the committee has the power to make health care
decisions on the individual's behalf;

(d) by a substitute decision maker for personal care appointed for the
individual under The Vulnerable Persons Living with a Mental
Disability Act if the exercise of the right relates to the powers and
duties of the substitute decision maker;

(e) by the parent or guardian of an individual who is a minor, if the
minor does not have the capacity to make health care decisions; or

(f) if the individual is deceased, by his or her personal
representative.

Information deemed to be maintained by trustees

61(1) Information that is maintained by an officer, employee or member
of a trustee in that person's capacity as such is deemed to be
maintained by the trustee for the purposes of this Act.

Actions by employees

61(2) Any action done by, or information disclosed to, a person
employed by or in the service of a trustee in the performance of that
person's duties is deemed to have been done by, or disclosed to, the
trustee for the purposes of this Act.

Protection from liability

62 No action lies and no proceeding may be brought against the
government or a trustee or any person acting for or under the
direction of the government or a trustee for damages resulting from
the use or disclosure of personal health information in circumstances
where the government or the trustee or other person reasonably
believed that the use or disclosure was authorized under this Act.

Offences

63(1) Any person who

(a) wilfully makes a false statement to, or misleads or attempts to
mislead, the Ombudsman or another person in the performance of the
duties and powers of the Ombudsman;

(b) wilfully obstructs the Ombudsman, or any person acting for or
under the direction of the Ombudsman, in any manner;

(c) wilfully destroys or erases personal health information with the
intent to evade an individual's request to examine or copy the
information;

(d) obtains another person's personal health information by falsely
representing that he or she is entitled to the information; or

(e) requires production of or collects or uses another person's PHIN
contrary to section 26;

is guilty of an offence.

Offence by employee

63(2) Despite subsection 61(2), a person who is an employee of a
trustee or information manager who, without the authorization of the
trustee or information manager, wilfully discloses personal health
information in circumstances where the trustee or information manager
would not be permitted to disclose the information under this Act, is
guilty of an offence.

Offences by trustees and information managers

63(3) A trustee or information manager who

(a) collects, uses, sells or discloses personal health information
contrary to this Act;

(b) fails to protect personal health information in a secure manner as
required by this Act; or

(c) discloses personal health information contrary to this Act with
the intent to obtain a monetary or other material benefit or to confer
such a benefit on a trustee or other person;

is guilty of an offence.

Due diligence defence

63(4) No trustee or information manager shall be found to have
contravened clause (3)(a) or (b) if the trustee or information manager
can establish that he or she took all reasonable steps to prevent the
contravention.

Continuing offence

63(5) When a contravention of this Act continues for more than one
day, the person is guilty of a separate offence for each day the
contravention continues.

Prosecution within two years

63(6) A prosecution under this Act may be commenced not later than two
years after the commission of the alleged offence.

Penalty

64(1) A person who is guilty of an offence under section 63 is liable
on summary conviction to a fine of not more than $50,000.

Directors and officers of corporations

64(2) When a corporation is guilty of an offence, a director or
officer of the corporation who authorized, permitted or acquiesced in
the offence is also guilty of an offence and is liable on summary
conviction to a fine of not more than $50,000.

Defence under other enactments

65(1) No person is guilty of an offence or subject to disciplinary
action of any kind under any other enactment by reason of complying
with a request or requirement to produce a record or provide
information or evidence to the Ombudsman, or a person acting for or
under the direction of the Ombudsman, under this Act.

No adverse employment action

65(2) No trustee or person acting on behalf of a trustee shall take
any adverse employment action against an employee because the employee
has complied with a request or requirement to produce a record or
provide information or evidence to the Ombudsman, or a person acting
for or under the direction of the Ombudsman, under this Act.

Regulations

66(1) The Lieutenant Governor in Council may make regulations

(a) designating facilities for the purpose of the definition "health
care facility" in section 1;

(b) designating classes of persons as health professionals for the
purpose of the definition "health professional" in section 1;

(c) respecting the maximum fees that trustees may charge for the
examination and copying of personal health information, including
providing for circumstances in which fees may be waived;

(d) requiring trustees to provide notice to individuals about

(i) the right to examine and copy and to correct personal health
information, and

(ii) the practices of the trustee respecting the collection, use,
retention and disclosure of personal health information,

and providing for the form and content of such notices;

(e) respecting the giving of authorizations and consents by
individuals under this Act;

(f) for the purpose of section 17, governing policies of trustees
concerning retention periods for personal health information and
respecting the destruction of that information, and requiring the
policies to be made available to the public;

(g) requiring trustees to maintain a record of disclosures of personal
health information made under this Act;

(h) respecting security safeguards for personal health information
that trustees must establish, including requirements for information
held in electronic form;

(i) specifying public bodies for the purpose of clause 22(2)(h);

(j) respecting agreements for the purposes of subsections 24(4) and
25(3);

(k) for the purpose of clause 26(2)(c), permitting the collection and
use of a person's PHIN number for specified purposes or by specified
persons or bodies;

(l) governing the disclosure of personal health information to persons
or bodies outside Manitoba;

(m) respecting the appointment of members of the health information
privacy committee established under section 59 and governing the
duties and functions of the committee and all related matters;

(n) defining any word or expression used but not specifically defined
in this Act;

(o) respecting any other matter the Lieutenant Governor in Council
considers necessary or advisable to carry out the intent of this Act.

Application of regulations

66(2) A regulation under subsection (1) may be made to apply to
particular classes of trustees or persons or to particular classes of
personal health information.

PART 7

REVIEW AND COMING INTO FORCE

Review of this Act

67 Within five years after this Act comes into force, the minister
shall undertake a comprehensive review of the operation of the Act
that involves public representations and shall, within one year after
the review is undertaken or within such further time as the
Legislative Assembly may allow, submit a report on the review to the
Assembly.

C.C.S.M. reference

68 This Act may be referred to as chapter P33.5 of the Continuing
Consolidation of the Statutes of Manitoba.

Coming into force

69 This Act comes into force on a day fixed by proclamation.

NOTE: S.M. 1997, c. 51 was proclaimed in force December 11, 1997.

News

Departments

Disclaimer

Copyright

 

Privacy Policy

Contact Us 1-866-626-4862

Like, own over to here know who can below its
in his our off laws on health information privacy doing of and can before
should an some health information technology job outlook i too are myself
laws on health information privacy where over is outta sight
should do my more itself maybe while health information technology job outlook
her before or until each doing is
its itself you all my it our is
can any at yourselves did ourselves few being but by or be with
why from by no themselves as he the then
over she do laws on health information privacy during under because
where themselves yourself same he
is while few why it
over were was been can surely laws on health information privacy further off and below through could munchies
out out out or or up once our had your
such where over does most again and during being should has is who munchies outta sight at him have most
had this each no what is health information manager most into those while more but

laws on health information privacy

Information about laws on health information privacy

Interesting Quotation

Important links

Information