PIPEDA is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business.
PIPEDA stands for The Personal Information Protection and Electronic Documents Act.
Part of the reason that PIPEDA is important is that organizations covered under it must obtain consent from individuals when they collect, use, or disclose their personal information.
This means that information collected from clients can only be used for the purposes for which it was collected. If an organization wants to use that information again in a different way, it must ask for consent again.
According to PIPEDA, any personal information that is considered factual or subjective about an identifiable individual should be protected. This includes information in many different forms, such as:
PIPEDA is a federal regulation for protecting personal information.
PHIPA (Personal Health Information Protection Act) is a provincial regulation for protecting personal information, specifically as it relates to clients in Ontario.
The key difference between these two regulations is that PIPEDA applies to personal information more broadly, while PHIPA focuses on protections for personal health information.
Because the federal government has concluded that PHIPA and PIPEDA principle guidelines are very similar in some ways, companies that are PHIPA compliant may be exempt from certain parts of PIPEDA.
It is a requirement in Canada that all federally-related organizations remain PIPEDA compliant, or be subject to an equivalent provincial law. This could include businesses, such as:
It’s important to note that these applicable businesses must also offer the same protections for their employees’ personal information as they do for their clients’.
There are certain provinces in Canada that have their own privacy laws (i.e., British Columbia, Alberta, Quebec). This generally means they are exempt from PIPEDA, because they are already subject to another provincial privacy law that’s considered equivalent.
Since healthcare in Canada is provided at the provincial level, each province has its own health data privacy requirements.
How can MedStack help with PIPEDA compliance?
Some provinces have a requirement that health data must remain in Canada. MedStack can assist with this by ensuring the data of companies under this regulation are only housed in a Canadian data center.
We are the only platform that brings together compliance, security assessment responses, threat protection, and audit readiness into a complete offering, ensuring your application runs and manages data in the cloud with the highest privacy and security standards in mind.