Health Information Act

The Health Information Act (HIA) establishes rules for the collection, use, and disclosure of health information – balancing the protection of individual privacy and the necessity to share appropriate health information. It also regulates the scope and procedures of Alberta Netcare Masking.

HIA requires custodians (either named healthcare organizations or named professions in the Health Information Regulation) and affiliates (employees, volunteers, contractors and authorized staff who work for a custodian) to only collect, use and disclose health information in the most limited manner, with the highest degree of anonymity possible and only on a need-to-know basis.

What is the HIA?

The provincial Health Information Act (HIA) establishes the rules that must be followed for the collection, use, disclosure and protection of health information. It balances the protection of privacy with enabling health information to be shared where appropriate. The HIA sets out the rules that help to protect individuals’ privacy through Alberta Netcare Masking.

Who is a custodian?

The term “custodian” is defined and custodians are listed in the HIA, including the following:
  • Alberta Health and the Minister of Health
  • Alberta Health Services
  • Covenant Health
  • Health Quality Council of Alberta
  • Ambulance operators
  • Nursing home operators
  • Regulated members of health professions designated in the HIA
  • Individuals or boards, councils, committees, commissions, panels, agencies, corporations or other entities designated in the Health Information Regulation

Refer to section 1(1)(a) in the HIA and section 2 in the Health Information Regulation for the complete definition and listing of designated custodians.


Who is an affiliate?

In relation to a custodian, the HIA defines "affiliate" as the following:
  • an individual employed by the custodian
  • a person who performs a service for the custodian as an appointee, volunteer or student or under a contract or agency relationship with the custodian
  • a health services provider who is exercising the right to admit and treat patients at a hospital
  • an information manager (e.g. your Electronic Medical Record or Pharmacy Management System vendor, or your document storage and shredding providers.)

Refer to sections 1(1)(a) and 1(3) in the HIA for the complete definition.


Who is an authorized custodian?

An “authorized custodian” is a custodian that has met the requirements to be authorized to use Alberta Netcare. According to the Alberta Electronic Health Records Regulation, a custodian must complete the following steps to be authorized to use Alberta Netcare:
  • establish and adopt privacy and security policies as required by section 63 of the HIA
  • prepare and submit a Privacy Impact Assessment to the Information and Privacy Commissioner regarding their use of Alberta Netcare
  • complete a Provincial Organizational Readiness Assessment with Alberta Health
  • enter into an Information Manager Agreement with Alberta Health regarding their participation in Alberta Netcare
  • receive Alberta Health's approval to access Alberta Netcare

Refer to section 3 in the Alberta Electronic Health Records Regulation for the complete authorized custodian requirements.

Currently, members of the following regulated health professions are eligible to become authorized custodians:

  • College of Chiropractors of Alberta (CCOA)
  • The Alberta College of Optometrists (ACO)
  • The Alberta College of Pharmacy (ACP)
  • The College of Dental Surgeons of Alberta (CDSA)
  • College of Registered Nurses of Alberta (CRNA)
  • College of Physicians and Surgeons of Alberta (CPSA)

Alberta Health may add health professions to this listing in the future. If your profession is not listed, contact your health professional college for more information.


What is the Alberta Netcare Electronic Health Record (EHR)?

An Electronic Health Record (EHR) is a secure and confidential electronic system that collects and stores health information. It is made up of many connected components, which together deliver healthcare providers key patient information at the point of care. Alberta Netcare is Alberta’s provincial EHR.

Can any healthcare provider access an individual's EHR?

No. For security purposes, special authorization is required for healthcare providers to access the Alberta Netcare EHR. User access is restricted based on their role and profession. 
  • Authorized healthcare providers are asked for their unique username and password every time they access Alberta Netcare.
  • The security controls utilized for the Alberta Netcare EHR are based on legislative requirements, security industry best-practices and standards of practice.
  • Any access to the Alberta Netcare EHR is logged to an access log. These logs are audited monthly. 
  • Anyone who knowingly collects, uses or discloses health information inappropriately could be subject to fines and disciplinary measures.

Who is an authorized healthcare provider?

An authorized healthcare provider is an authorized custodian or their affiliates who works at an authorized healthcare facility and has been granted access to Alberta Netcare for direct patient care. The facility must have completed privacy (PIA) and security assessments (p-ORA) prior to Alberta Netcare being deployed.

How do I know if a patient's EHR is masked?

In Alberta Netcare Portal, the patient's EHR will have a “lock” icon next to the individual’s name. This indicates that their EHR is masked. It is not necessary to view an individual’s lab and other data in order to determine if a mask has been set.

Additional HIA-related documents are available in Alberta Health's Acts and Regulation section. Use this link to monitor changes and updates to the HIA and other related topics.

 


If you require support, please visit our Contact Us page.