- Who are you?
- STUDENT
- FUTURE STUDENT
- INTERNATIONAL
- PARENT
- FACULTY & STAFF
- ALUMNI
- COMMUNITY
- MEDIA
- VISITOR
Access and Privacy at UWinnipeg
Introduction to The Personal Health Information Act (PHIA)
This guideline provides an introduction to The Personal Health Information Act (PHIA). Subjects include:
- Purpose of PHIA
- Types of Personal Health Information
- Roles and Responsibilities
This guideline is intended for all University employees and is applicable to all personal health information (PHI) collected, used, or disclosed in the conduct of official University business. Additional procedural guidelines are available to assist University employees in fulfilling their duties under PHIA.
Purpose of PHIA
Personal health information is a particularly sensitive form of personal information. Because it relates to an individual’s private health and health care history it should be protected at all times. The collection, use, and disclosure of PHI must be strictly controlled so that individuals are not afraid to seek health care or to disclose sensitive and confidential information to health professionals. Individuals should also be able to access their own PHI as a matter of fairness, to enable them to make informed decisions about healthcare, and to request correction of information that is found to be inaccurate or incomplete.
Although PHI is highly sensitive, public bodies such as the University must routinely collect, use, and disclose it as part of their day to day operations. PHI is necessary to provide many essential health services, including medical, psychiatric, and rehabilitative care. The Personal Health Information Act (PHIA) exists to safeguard the PHI that is contained within records held by a public body, while also allowing the body to provide health services in an efficient and effective manner.
PHIA provides strict conditions for the collection, use, and disclosure of PHI, in order to protect the privacy of individuals. PHIA also allows individuals to access their own PHI and request the correction of inaccurate or incomplete information. Finally, PHIA requires public bodies to protect PHI through physical and electronic safeguards.
Types of Personal Health Information
PHI is any recorded information about an identifiable individual that relates to:
- The individual’s health, or health care history, including genetic information about the individual;
- The individual’s name, address, telephone number, Personal Health Identification Number, or any other identifying number, symbol, or information collected in the course of providing health care;
- The provision of health care to the individual; and
- Payment for health care provided to the individual.
PHI can be in a record of any form or format – paper or electronic – such as letters, databases, forms, reports, photographs and audio recordings, video recordings, and notes. PHIA applies to all PHI in the care or control of the University, except:
- Statistical health information; and
- Health information that either by itself or when combined with other information available to the requested, does not allow an individual to be identified.
Roles and Responsibilities
Under PHIA, individual employees and creating offices of the University who hold PHI are considered “trustees” of the information. Trustees must collect, use, disclose, and protect PHI according to the provisions of PHIA. In addition, trustees have a duty to assist individuals in obtaining access or requesting correction to their own PHI.
