Skip to main content

Click here for updates and notices regarding Nova Scotia Health and COVID-19

Regulatory Requirements and Personal Health Information

News and Updates RSS  

Health Canada is the applicable Canadian federal authority that administers and enforces the Food and Drugs Act, which includes the Medical Devices Regulations (SOR/98-282) and pursues its regulatory mandate under the Food and Drug Regulation.

The Personal Health Information Act, S.N.S. 2010, c. 41 (PHIA) is Nova Scotia’s health privacy law that governs how regulated health care professionals and organizations collect, use, disclose and maintain personal health information. PHIA comes into force on June 1, 2013.

The Personal Information Protection Electronic Documents Act S.N.S. 2006, c. 3 (PIPEDA) is the federal privacy legislation that establishes the rules to govern the collection, use and disclosure of personal information. PIPEDA applies to any “commercial” activity, including the delivery of health services considered to be commercial.

The Personal Information International Document Protection Act (“PIIDPA”) This Act provides additional protection to the personal information held by Nova Scotia "public bodies" and municipalities when that personal information is being collected, used, or disclosed by those organization

Foreign Privacy Legislation

As a Nova Scotian and Canadian organization, Nova Scotia Health can only confirm compliance with Provincial and Federal privacy legislation or guidelines. If compliance with any foreign legislation is required to participate in a particular research study, further consideration and discussion will be necessary but may not result in compliance assurance.

Privacy Impact and Data Protection Approval

Nova Scotia Health is governed by provincial privacy legislation specific to Personal Information (PI) and Personal Health Information (PHI), namely the Nova Scotia Personal Health Information Act (“PHIA”) and the Nova Scotia Personal Information International Disclosure and Protection Act (“PIIDPA”). In addition to this, health information access, transfer of data as well as adding to/using Nova Scotia Health IT platforms or the Nova Scotia Health network must be reviewed prior to implementation. The Nova Scotia Health Privacy Office is the primary contact for compliance with privacy requirements, information practices, complaints and organizational practices and procedures in relation to PHI. Nova Scotia Health is the legal Custodian of all NS Health patient PHI including any PHI collected for the purpose of Nova Scotia Health Research Ethics Board (REB) approved research. Individual health care providers are not the Custodian of the PHI of their patients. Research, Innovation and Discovery has a Privacy Officer that reviews research for compliance, via data access assessments, privacy impact assessments (PIAs), and data impact protection assessments (DPIAs).