You have the right to access your personal health information held by your healthcare provider. In general, your healthcare provider cannot refuse to let you see the information in your file, except if they believe that the access may put you or someone else at risk.   Typically, the easiest way to access your health records […]

You have the right to submit a complaint if you believe that either your request has not been properly fulfilled or you have been mistreated. If you live in BC, you can file a complaint through the Office of the Information and Privacy Commissioner for British Columbia for matters involving private sector organizations or provincial […]

You have a right to access your medical records held by a hospital, clinic or care facility operated by the government, or in the electronic health record (EHR) system. Your right to access is limited when there is a legal reason that the information in the record should not be given to you.  You must […]

Once a request is submitted, the information holder usually has 30 days to respond to the request; however, it is common for the information holder to extend the response deadline by an additional 30 days. Information holders can extend the response deadline if it is approved by the Privacy Commissioner, if the requestor has not […]

In 2008, BC’s E-Health (Personal Health Information Access and Protection of Privacy) Act (e-Health Act) was enacted to support the development of the e-Health system.  Under the e-Health Act, the Minister can designate any health database in the public system as a health information bank (HIB) and require it to be filled with information from […]

Reasons for refusal depend on the information you are requesting and from whom. If an information holder refuses your request partially or fully, the information holder must explain the refusal to you.   List of some reasons a request could be refused:  The disclosure would compromise an investigation or law enforcement operation  The disclosure would risk […]

The Manitoba Ombudsman, in reference to suggestions made by the Office of the Information and Privacy Commissioner of Alberta, has developed a guidance sheet on how to respond to privacy breaches which will be relevant for any jurisdiction.   Summary of the key steps:  Containing the Breach  Change passwords + two-factor verification  Contact the office in […]

The information holder should tell you if they do not have the records you requested. If they know that a different institution has them, they should transfer your request and inform you that the request has been transferred. The institution that received your request must then respond to you within 30 business days of the […]

To request 911 records, an applicant must directly contact and request from the originating emergency agency. For example, if a police department was involved, that specific police department in the relevant jurisdiction should be contacted. Please see E-Comm’s 911 website for more information.   Requests for audio recordings of 911 calls may be denied based on […]

The Office of the Information & Privacy Commissioner (OIPC) has provided guidance about privacy concerns between landlords and tenants in British Columbia. Simply put, landlords must comply with the Personal Information Protection Act (PIPA). Anyone offering rent—whether it is a secondary suite, condo, or apartment—is subject to the rules of PIPA. The rules of PIPA […]

When requesting your personal information from a public body, one of the first things you should do is verify that the public body has the personal information you seek. Accessing information, even if it is your own, can sometimes be a long drawn-out process so it is important to verify they have it before starting […]

Private sector organizations can collect your personal information for legitimate and reasonable purposes; however, they must follow the personal information and privacy rules set out in the Personal Information Protection Act, which are based on the ten principles of privacy protection.  For example, the organization should identify the purpose for collecting personal information, including how […]