New Privacy Breach Guidelines Issued for Health Trustees in Saskatchewan

    Jan 10, 2017

    In November, the Office of the Saskatchewan Information and Privacy Commissioner (IPC) issued guidelines explaining how to respond to a privacy breach involving personal health information. 

    According to the guidelines, the Health Information Protection Act (HIPA) requires trustees to contain a data breach by ending the unauthorized practice and shutting down the breached systems. It also requires trustees to investigate a breach, to prevent future breaches by adopting additional safeguards and training, and to ensure that policies and procedures are being followed. While not mandatory, the guidelines encourage health trustees to proactively report a breach to the IPC. They also outline the actions that should be taken to notify individuals affected by a breach, as well as what should be included in the notification.

    The document further outlines the investigatory process that applies should the IPC learn of a privacy breach and begin an investigation. It states that the IPC’s goal is to complete a review and investigation on average within 33 days in 80% of the investigations. The IPC also seeks to achieve informal resolutions of investigations in an effort to expedite the process and reduce the amount of work required from both parties. In instances where an informal resolution is not possible, the IPC will issue a report to the trustee containing an analysis of the investigation, including findings and recommendations.

     This monthly advisory contains brief summaries of recent legislative and regulatory issues that may affect the management of records and information in Canada.




    © 2017, ARMA International