Privacy and Security Links

=Privacy Legislation and Information and Privacy Commissioner Links=

|| Canada || Federal || Privacy Act (PDF) (1983); Personal Information Protection and Electronic Documents Act (PDF) (2000) || Federal Privacy Commissioner ||
|| Canada || Alberta || Freedom of Information and Protection of Privacy Act; Health Information Act; Health Information Act Amendments (PDF); Personal Information Protection Act; Health Legislation and Regulations || Information and Privacy Commissioner of Alberta ||
|| Canada || British Columbia || Freedom of Information and Protection of Privacy Act; Freedom of Information and Protection of Privacy Regulations; Personal Information Protection Act; Personal Information Protection Act Regulations; eHealth (Personal Health Information Access and Protection of Privacy) Act || Information and Privacy Commissioner of British Columbia ||
|| Canada || Manitoba || Freedom of Information and Protection of Privacy Act; Personal Health Information Act || Ombudsman for Manitoba ||
|| Canada || New Brunswick || Right to Information and Protection of Privacy Act (PDF); Personal Health Information Privacy and Access Act; General Regulation NB Reg.2010-112 || Information and Privacy Commissioner for New Brunswick ||
|| Canada || Newfoundland and Labrador || Access to Information and Protection of Privacy Act; Access to Information Regulations; Personal Health Information Act; Pharmacy Network Regulations under PHIA; Personal Health Information Regulations under PHIA || Information and Privacy Commissioner of Newfoundland and Labrador ||
|| Canada || Nova Scotia || Freedom of Information and Protection of Privacy Act (PDF); Personal Health Information Act (PDF); Personal Health Information Regulations; Personal Information International Disclosure Protection Act || FOIPOP Review Office ||
|| Canada || Northwest Territories || Access to Information and Protection of Privacy Act (PDF); Access to Information and Protection of Privacy Regulations (PDF); Health Information Act (PDF) || Commissioner ||
|| Canada || Nunavut || Access to Information and Protection of Privacy Act (PDF) || Information and Privacy Commissioner ||
|| Canada || Ontario || Freedom of Information and Protection of Privacy Act; R.R.O. 1990, Reg.459 Disposal of Personal Information (FIPPA); R.R.O. 1990, Reg.460 - General (FIPPA); Municipal Freedom of Information and Protection of Privacy Act; R.R.O. 1990, Reg.823 - General (MFIPPA); R.R.O. 1991 - Reg.372 - Institutions (MFIPPA); Personal Health Information Protection Act; O.Reg. 329/04 - Regulation under PHIPA || Information and Privacy Commissioner for Ontario ||
|| Canada || Prince Edward Island || Freedom of Information and Protection of Privacy Act (PDF); General Regulations (FIPPA)(PDF); Health Information Act (PDF) || Information and Privacy Commissioner ||
|| Canada || Quebec || Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information; Act Respecting the Protection of Personal Information in the Private Sector || Commission d'acces a l'information du Quebec ||
|| Canada || Saskatchewan || Freedom of Information and Protection of Privacy Act (PDF); Local Authority Freedom of Information and Protection of Privacy Act (PDF); Health Information Protection Act (PDF) || Information and Privacy Commissioner ||
|| Canada || Yukon Territory || Access to Information and Protection of Privacy Act (PDF); Health Information Privacy and Management Act || Information and Privacy Commissioner ||

=Legislation Resources=

 * Privacy and EHR Information Flows in Canada, Common Understandings of the Pan-Canadian Health Information Privacy Group, Canada Health Infoway - This documents the conditions for information-sharing between jurisdictions.
 * Privacy Map - Federal and Provincial privacy laws in Canada - by Nymity
 * Substantially Similar Provincial Legislation - Privacy Commissioner for Canada - outlines provincial privacy legislation deemed "substantially similar" to PIPEDA, meaning that the legislation takes precedence over PIPEDA in those jurisdictions.

=Privacy Standards and Codes=

 * CSA Model Code for the Protection of Personal Information
 * OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
 * CICA Generally Accepted Privacy Principles
 * OCAP Principles (First Nations)
 * Asia Pacific Economic Cooperation (APEC) Privacy Principles

=Privacy Impact Assessment=

 * Privacy Impact Assessment Process (BC Ministry of Citizens' Services and Open Government)
 * Privacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act (Ontario OIPC)
 * Privacy Impact Assessment Requirements (Alberta OIPC)
 * Privacy Impact Assessment Policy and Privacy Impact Assessment Guidelines - Treasury Board of Canada
 * Privacy Audit - A Compliance Review Tool (OIPC for Newfoundland and Labrador)
 * Privacy By Design Privacy Impact Assessment (Ontario OIPC)

=Privacy By Design=

 * Privacy By Design - Take the Challenge by Dr. Ann Cavoukian
 * Privacy By Design Website
 * Canada Health Infoway - Electronic Health Record Privacy and Security Requirements
 * Canada Health Infoway - Privacy and Security Conceptual Architecture

=Information Governance=

 * Canada Health Infoway - Information Governance of the Interoperable Electronic Health Record
 * Canada Health Infoway - Privacy and EHR Information Flows in Canada V2 (Common Understandings)
 * Privacy and Boards of Directors: What You Don't Know Can Hurt You - Ontario Information and Privacy Commissioner

=Privacy Maturity Model=

AICPA/CICA Privacy Maturity Model

=Supreme Court of Canada Rulings=

McInerney v. MacDonald (ownership of medical records)

=Privacy Commissioner Orders=

Ontario
HO-001 HO-002 HO-003 HO-004 HO-005 HO-006 HO-007 HO-008 HO-009 HO-010 HO-011

=Consumer Attitudes=

 * EKOS Survey on Electronic Health Information and Privacy 2007
 * Ipsos-Reid - Electronic Health Information and Privacy Survey 2012

=Professional Ethics, Standards, Guidelines and Codes=

Ontario College of Dental Surgeon’s e-recordkeeping guidelines

=Security Threat and Risk Assessment=

Harmonized Threat and Risk Assessment Methodology (Royal Canadian Mounted Police and Communications Security Establishment)

=Security Standards=

(Note that ISO documents must be purchased)

 * ISO/IEC 27001 - Information Security Management System - Requirements
 * ISO/IEC 27002 - Code of Practice for Information Security Management
 * ISO/IEC 27005 - Information Security Risk Management
 * ISO 27799 - Information Security Management in Health Using ISO/IEC 27002
 * ISO 29100 - Security Techniques - Privacy Requirements
 * IHE IT Infrastructure Profiles
 * IHE Security Cookbook

=Privacy and Security Guidelines=

 * COACH Guidelines for the Protection of Health Information
 * eHealth Ontario - Guide to Information Security for the Health Care Sector

=Privacy and Security Certification=

 * Common Criteria for Information Technology Security Evaluation
 * Infoway Certification Services


=Privacy and Security Training=

 * Privacy and Security Training Games - US HIT
 * Privacy Training - Alberta Health Services
 * FOIP Training - Alberta
 * Privacy Training - Health Canada, NIHB
 * Access and Privacy Training - Government of Saskatchewan

=Privacy Breach Management=

 * What to do When Faced With a Privacy Breach - Guidelines for the Health Sector (Ontario IPC)
 * Privacy Assessment: UHN's Response to Breaches of Patient Privacy - IPC, 2002

=Use of Email for PHI=

Using email communication with your patients: legal risks - Canadian Medical Protective Association