Home
Français
Acts and Regulations
2010-112
- General
Table of contents
Enabling Act
0
Full text
NEW BRUNSWICK
REGULATION 2010-112
under the
Personal Health Information
Privacy and Access Act
(O.C. 2010-271)
Filed August 23, 2010
Under section 79 of the
Personal Health Information Privacy and Access Act
, the Lieutenant-Governor in Council makes the following Regulation:
Citation
1
This Regulation may be cited as the
General Regulation
-
Personal Health Information Privacy and Access Act
.
Definitions
2
The following definitions apply in this Regulation.
“Act”
means the
Personal Health Information Privacy and Access Act
.
(Loi)
“electronic health record”
means an electronic record of an individual’s personal health information that is accessible from interoperable systems within an information network.
(dossier électronique de santé)
“information network”
means an information network designated by the Minister under paragraph 37(6)(
c
) of the Act.
(réseau d’information )
“Tri-Council Policy Statement”
means the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans, 2nd Edition (December 2008), as amended from time to time.
(Énoncé de politique des trois Conseils)
GENERAL
Designation of custodians
3
The following persons are designated as custodians for the purpose of the definition “custodian” in section 1 of the Act:
(
a
)
a school or school district;
(
b
)
a coroner appointed under the
Coroners Act
; and
(
c
)
a successor who obtains custody of records containing personal health information held by a custodian.
Designation of health care facilities
4
A facility located within a building or premises, including a private residence or a provincial jail, in or from which health care is provided by a health care provider is designated as a health care facility for the purposes of the definition “health care facility” in section 1 of the Act.
Designation of health care providers
5
The following classes of persons are designated for the purpose of the definition “health care provider” in section 1 of the Act:
(
a
)
social workers registered under the
New Brunswick Association of Social Workers Act, 1988
; and
(
b
)
New Brunswick members of the Canadian Health Information Management Association.
Personal health information prescribed
6
Personal health information collected by an individual or organization for the purpose of providing or assisting in the provision of health care or treatment or the planning and management of the health care system or delivering a government program or service is prescribed for the purposes of paragraph 3(1)(
b
) of the Act.
Individuals or organizations to which the Act does not apply
7
The Act does not apply to the following individuals or organizations:
(
a
)
the New Brunswick Insurance Board;
(
b
)
the New Brunswick Human Rights Commission;
(
c
)
the Labour and Employment Board established under the
Labour and Employment Board Act
;
(
d
)
the Designation Appeal Board established under the
Post-Secondary Student Financial Assistance Act
;
(
e
)
the Premier’s Council on the Status of Disabled Persons;
(
f
)
a review board appointed under section 30 of the
Mental Health Act
;
(
g
)
the Mental Health Services Advisory Committee established under the
Mental Health Services Act
;
(
h
)
a tribunal appointed under section 7.5 of the
Mental Health Act
;
(
i
)
a person, service or organization designated as psychiatric patient advocate services under the
Mental Health Act
;
(
j
)
a review board established by the Restigouche Hospital Center Inc.; and
(
k
)
the Appeals Tribunal established under the
Workplace Health, Safety and Compensation Commission Act
.
Acts to which the Act does not apply
8
The following Acts of the Legislature are prescribed for the purpose of paragraph 4(2)(
b
) of the Act:
(
a
)
the
Archives Act
; and
(
b
)
the
Family Income Security Act
.
FEES
Search and preparation fees
9
(1)
An individual shall pay a search and preparation fee to a custodian if the custodian estimates that search and preparation related to the individual’s request to examine or receive a copy of the individual’s personal health information takes more than 2 hours.
9
(2)
The fee payable for search and preparation shall be $15 for each half-hour beyond the first 2 hours of search and preparation related to the individual’s request.
Copying fees
10
An individual shall pay the following copying fees to the custodian when the individual makes a request to examine or receive a copy of the individual’s personal health information:
(
a
)
if the information in relation to the request is stored or recorded in printed form and able to be copied using a photocopier or computer printer, 25 cents for each page copied;
(
b
)
if the information in relation to the request is not able to be copied using a photocopier or computer printer, the actual cost of providing copies of the request.
Computer programming and data processing fees
11
If a custodian requires the use of computer programming or incurs data processing costs in responding to a request to examine or receive a copy of an individual’s personal health information, the individual shall pay to the custodian
(
a
)
ten dollars for each 15 minutes of internal programming or data processing; or
(
b
)
the actual cost of external programming or data processing incurred by the custodian.
Mail and courier delivery
12
(1)
No fee shall be payable by an individual to a custodian for mailing a request to examine or receive a copy of his or her personal health information by regular mail.
12
(2)
If courier delivery costs are necessary in responding to a request to examine or receive a copy of an individual’s personal heath information, the custodian may charge to the individual the actual cost of the courier delivery.
Waiver of fees
13
A custodian may waive all or part of the fees payable under this Regulation if the custodian is satisfied that payment would impose an unreasonable financial hardship on the individual.
INFORMATION NETWORKS AND ELECTRONIC HEALTH RECORDS
Information networks
14
(1)
Before designating an information network, the Minister, in writing, shall
(
a
)
identify the type or nature of personal health information to be contained in the information network,
(
b
)
identify the source, including other information networks, from which the personal health information may be collected in or by the information network,
(
c
)
identify one or more of the purposes referred to in subparagraphs 37(6)(
c
)(i), (ii) and (iii) of the Act for which the information network is established,
(
d
)
identify the purpose for which personal health information is recorded in or by the information network,
(
e
)
identify the purpose for which personal health information may be disclosed by or from the information network,
(
f
)
identify to whom personal health information contained in the information network may be disclosed, and
(
g
)
identify and impose on the custodian limits or conditions on the collection, storage, use or disclosure of personal health information contained in or disclosed from an information network that are, in the opinion of the Minister, required for the privacy and security of the personal health information.
14
(2)
The information referred to in subsection (1) may be published on the Internet or disseminated in such other manner as the Minister considers appropriate.
Electronic health record
15
An electronic health record, once created by the Minister, is established for each individual and compiled within an information network designated by the Minister for the purpose referred to in subparagraph 37(6)(
c
)(iii) of the Act.
MISCELLANEOUS
Registry of personal health information
16
The following custodians are designated for the purpose of compiling or maintaining a registry of personal health information under paragraph 37(6)(
d
) of the Act:
(
a
)
the Minister;
(
b
)
a regional health authority;
(
c
)
FacilicorpNB Ltd.;
(
d
)
Ambulance New Brunswick Inc.; and
(
e
)
the Canadian Blood Services.
Research review body
17
For the purposes of subsection 43(2) of the Act, a research review body shall be established and operated in conformity with the Tri-Council Policy Statement.
Disclosure outside the Province
18
A custodian may, under section 47 of the Act, disclose personal health information relating to an individual that is collected in the Province to a person outside the Province in circumstances described in section 43 of the Act.
Breach of privacy
19
(1)
If a breach of privacy referred to in subparagraph 49(1)(
c
)(i), (ii) or (iii) of the Act occurs, the custodian of the personal health information shall, at the first reasonable opportunity, give notice to
(
a
)
the person to whom the information relates in person, by telephone or in writing, and
(
b
)
the Commissioner.
19
(2)
When giving notice under subsection (1), the custodian shall provide the following information:
(
a
)
the name of the custodian;
(
b
)
the name and contact information of the person designated by the custodian to respond to inquiries about the custodian’s information practices;
(
c
)
a description of the nature of the breach of privacy;
(
d
)
the date and location of the breach of privacy; and
(
e
)
the date the breach of privacy came to the attention of the custodian.
Security requirements
20
(1)
A custodian shall establish and comply with a written policy and procedures with respect to information practices for the protection of personal health information containing the following requirements:
(
a
)
measures to protect the security of personal health information during its collection, use, disclosure, storage and destruction;
(
b
)
measures, for example by the use of passwords and encryption, to ensure that removable media used to record, transport or transfer personal health information is appropriately protected when in use;
(
c
)
measures to ensure that removable media used to record personal health information is stored securely when not in use;
(
d
)
measures to ensure that personal health information is maintained in a designated area and is subject to appropriate security safeguards;
(
e
)
measures that limit physical access to designated areas containing personal health information to authorized persons;
(
f
)
procedures that provide for the recording of security breaches; and
(
g
)
corrective procedures to address security breaches.
20
(2)
A custodian shall keep a record of all security breaches by recording the security breaches and corrective procedures taken to diminish the likelihood of future breaches.
Information managers
21
A written agreement for the provision of personal health information between a custodian and information manager referred to in subsection 52(3) of the Act shall describe
(
a
)
the services to be provided to the custodian, and
(
b
)
the administrative, technical and physical safeguards employed by the information manager relating to the confidentiality, security, accuracy and integrity of the personal health information.
Personal health information stored outside Canada
22
Information managers providing a public body with information management or information technology services may store personal health information in their custody or in their control outside Canada.
Commencement
23
This Regulation comes into force on September 1, 2010.
Copy
Select this element
Select parent element
Unselect all
Copy to Drafting
Copy to LAW
Copy to Clipboard
To copy : Ctrl+C
0
Advanced search (includes point-in-time)
Consolidated Acts and Regulations
Acts
by title
by chapter
by department
Regulations
by regulation number
Annual Acts and Regulations
Acts
by year
Regulations
by year
Access Rules of Court
by rule number
Repealed Legislation (2011 onward)
Acts
by title
Selections
Show
Selections in current document
All selections in the collection
Selected elements
Delete all selections
Show selections
Cyberlex
Version 2.2.4.0