Alberta’s New Mandatory Breach Reporting Requirements

In May of 2018, the province of Alberta approved new mandatory breach reporting amendments to the Health Information Regulation (HIR) and the Health Information Act (HIA). These new amendments will come into force on August 31, 2018.

What Has Been Added to the HIA?

The new amendments detail the reporting responsibilities of custodians and affiliates in the event of a loss, unauthorized access or disclosure of identifying health information.

For Custodians

As per the new rules, custodians must report the “loss of individually identifying health information or any unauthorized access to or disclosure of individually identifying health information in the custody or control of the custodian if there is a risk of harm to an individual as a result of the loss or unauthorized access or disclosure”

For Affiliates

Affiliates must report any loss, unauthorized access or disclosure of identifying health information to their custodian.

Notification Requirements

If the custodian believes the breach has resulted in harm to the individual, the custodian, as soon as practicable is required to notify:

  • The Commissioner
  • The Minister
  • The Individual

Offence Penalty Amendments

The new regulations also include new penalties for custodians and affiliates who:

  • Fail to report a breach
  • Fail to take “reasonable steps to maintain safeguards to protect health information, which includes administrative, technical and physical safeguards” (OIPC).

According to the OIPC of Alberta, a custodian or affiliate found guilty of one of the above offences can face a fine of up to $50,000.

Stay Up-To-Date on the New Requirements

If you’re looking for valuable information and resources on the upcoming reporting amendments, check out Information Managers.

In response to the upcoming changes, Information Managers is providing free updates on “tips, tools, templates, and training when they become available.”

To sign up for their updates, click here!