Does HIPAA Compliance apply to Canadian companies?

HIPAA stands for the Health Insurance Portability and Accountability Act. This act was passed by the U.S. Congress in 1996. Here’s what HIPAA entails:

• It provides American workers with the ability to continue health insurance coverage whenever a job is either changed or lost.

• It helps decrease fraud and abuse of the healthcare system.

• It carries out the standards for health care information on electronic payments.

• It requires the confidentiality and protection of health information.

Is HIPAA required for companies in Canada? The short answer is, “It depends.” If a Canadian company does business with a U.S. company, then HIPAA would apply. Also, if a Canadian organization interacts with U.S. facilities involving Medicaid, Medicare, or other U.S. entities, then HIPAA would apply to that organization. Here’s another popular question.

Does Canada Have A Program Similar To HIPAA?

Yes, Canadians are protected under similar circumstances by a similar act. Canada has the Personal Information Protection & Electronic Documents Act (PIPEDA). This act became relevant in April of the year 2000. And it applies to any private organization in Canada that collects personal information during commercial activities. Here’s what PIPEDA entails:

• It’s the federal privacy law for Canadian organizations in the private sector.

• It recognizes the right of privacy for the personal information of individuals.

• It mandates the use and disclosure of an individual’s personal information.

• It allows an individual to access his/her personal information from an organization.

• It allows an individual to challenge the holding of personal information by an organization.

Items Considered “Personal Information” Under PIPEDA

According to this act, “personal information” is considered to be any information that can be used to identify an individual. Basically, it’s data which is obtained during a commercial activity. Let’s check out some items that can be considered “personal information” by PIPEDA.

• names, ID numbers, ages, and financial information (income)

• ethnicities and nationalities

• blood type, DNA, educational background, and employment history

• driver’s licenses and social insurance numbers

• loan records, credit records, medical records, and employee files

• comments, opinions, evaluations, and social status

Items NOT Considered As “Personal Information”

It would seem like everything under the sun could be considered as “personal information” by PIPEDA. However, this is not the case. Below are some items not covered under the act.

• provincial governments and their agents

• contact information for businesses (employee names, phone numbers, emails, etc.)

• an organization or individual’s collection and disclosure of personal information for personal purposes or for literary purposes (example: journals)

Recent News: PIPEDA Amendment

Some new provisions were set for PIPEDA in 2015. Organizations must follow a new set of data breach notification rules. Below is a list of the new responsibilities of organizations.

• Reports of data breaches must be sent to the Privacy Commissioner of Canada.

• Affected individuals must be notified when a data breach occurs.

• If other organizations can help settle issues with breaches, then they must be notified.

• All breaches must be tracked and recorded for at least 2 years after their occurrences.

