There are four different legislative Acts that establish rules regarding the collection, use, disclosure of and access to information. Because there are differences between the Acts, it is important to determine which governs your physiotherapy practice/environment. It is possible that more than one act can apply.
PIPA will apply in almost all cases to the personal and employee information collected, used and disclosed by physiotherapists in the private sector.
When does PIPA apply?
PIPA applies to personal/employee information collected, used and disclosed by physiotherapists:
- Whose services are paid for directly by the patient.
- Whose services are paid by a third-party insurer.
- Whose services are paid for by the Alberta Workers’ Compensation Board.1
- Who operate their own physiotherapy practice or work in partnership with someone else, and who hire employees, contractors or volunteers.
This provincial legislation governs the collection, use, disclosure, and access to health information within Alberta’s publicly funded health system.
When does HIA apply?
HIA applies to health information including general patient information (name, personal health number, gender, date of birth, and marital status) and governs health information collected by a physiotherapist if/when the physiotherapist is:
- employed by or contracting services to a physiotherapy practice operated by AHS, a hospital or nursing home,
- providing physiotherapy services pursuant to a contract with AHS, or
- paid directly by Alberta Health and Wellness in whole or in part.
Consent under HIA
HIA rules regarding the collection, use and disclosure of information differ from PIPA, PIPEDA and FOIP. If employed by AHS, a hospital or nursing home, you are considered an ‘affiliate’ under HIA. A physiotherapist working independently/in private practice and billing Alberta Health Care would be considered a ‘custodian.’
Under HIA, consent is not required before a custodian or affiliate can disclose information to another
healthcare provider. Under other circumstances, consent is generally required to disclose information to a third-party.
Establishes the rules for the collection, use, disclosure of, and access to personal information during the course of ‘commercial activities.’ Personal information is broadly defined as ‘information about an identifiable individual’ but does not include the name, title or business address of an employee of an organization.
When does PIPEDA apply?
PIPEDA can apply to Alberta physiotherapists in limited circumstances where personal information is being transferred across provincial boundaries (e.g., to a third-party insurer in another province).
Note: PIPEDA contains a few exceptions when personal information can be disclosed without the individual’s consent. One exceptions is to collect a debt the individual owes you/your practice; however, in this case only the minimal amount of information necessary to collect the debt is to be released.
FOIP establishes the rules for collecting, using, disclosing, and accessing information/records in the possession of a ‘public body’ defined as:
- Alberta government department, branch or office.
- Agency, board, commission, corporation, office or other body designated as a public body in the regulations (e.g., WCB).
- Local public body (e.g., educational body, healthcare body or local government such as a municipality or a municipal board).
- FOIP applies to all records in the public body’s custody/control and is broadly defined to include ‘information in any form,’ and can include information stored in any manner.
When does FOIP apply?
FOIP may apply to information collected, used and disclosed when a physiotherapist is employed by, or contracting services to, a school or school board.
- Physiotherapists/clinics with WCB contracts also governed by the Workers’ Compensation Act, which gives the WCB a right of access to information in a patient’s file. FOIP may also apply to records related to WCB claims, depending on the circumstances.