- The Personal Health Information Act Amendments – Questions and Answers
- Guideline on Limited Authority to Make a Determination that a Request for Access Has Been Abandoned
- Guideline on Limited Authority to Disregard Certain Requests for Access
- Guideline on Privacy Breaches
Please review, The Personal Health Information Amendment Act (The Act). The Act received Royal Assent on May 20, 2021, and is to come into force on January 1, 2022.
When proclaimed, the Act will amend The Personal Health Information Act(PHIA) to:
1. Strengthen the authority of the Ombudsman under the Act, including the authority to audit trustee compliance with the Act.
2. Require that an individual and the Ombudsman be notified in a timely manner of a privacy breach relating to the individual’s personal health information that creates a real risk of serious harm to the individual.
3. Protect employees, officers and agents of trustees, who report to the Ombudsman contraventions of The Personal Health Information Act by their employer, from adverse employment action for reporting.
4. Set out when trustees may disregard requests for access to personal health information or consider such requests to be abandoned.
5. Explicitly state that public health information not collected by employment purposes cannot be used for that purpose without the express consent of the employee.
6. Establish a new committee (the health research privacy committee) that will be required to approve all health research proposals, which require personal health information from a trustee, instead of the Health Information Privacy Committee and institutional research review committees. The purpose of this amendment is to enable the implementation of a new streamlined approval process for research proposal. All such proposals are also to be approved by an ethics committee to be established by Research Manitoba.
7. Extend the limitation period for the prosecution of offences under PHIA.
Further, amendments were made to the Personal Health Information Regulation that will come into force on January 1, 2022 to enable implementation of the privacy breach notification requirements for trustees under PHIA, as well as to enable implementation of the new approval process for all health research proposals, which require personal health information from a trustee.
Manitoba Health and Seniors Care has developed the attached Questions and Answers document (a reference tool for trustees and other stakeholders) on the amendments. The Department has also developed the attached Guidance documents respecting the new privacy breach notification requirements, and the new limited authority to disregard an access request and to determine that an access request has been abandoned.