Acts and Regulations

P-7.05 - Personal Health Information Privacy and Access Act

Section 52
Disposition versions

Full text
Agents and information managers
52(1)A custodian that retains the services of an agent for the collection, use, disclosure or retention of personal health information shall enter into a written agreement with the agent requiring the agent to comply with the custodian’s legal obligations regarding handling of personal health information.
52(2) A custodian may provide personal health information to an information manager for the purpose of processing, storing or destroying the personal health information or providing the custodian with information management or information technology services.
52(3)A custodian that wishes to provide personal health information to an information manager shall enter into a written agreement with the information manager, in accordance with the regulations, that provides for the protection of the personal health information against risks such as unauthorized access to or use or disclosure, secure destruction or alteration of the information.
52(4)An information manager who enters into a written agreement under subsection (3) shall comply with
(a) the duties imposed on the information manager under the agreement, and
(b) the same requirements concerning the protection, retention and secure destruction of personal health information that the custodian is required to comply with under this Act.
Agents and information managers
52(1)A custodian that retains the services of an agent for the collection, use, disclosure or retention of person health information shall enter into a written agreement with the agent requiring the agent to comply with the custodian’s legal obligations regarding handling of personal health information.
52(2) A custodian may provide personal health information to an information manager for the purpose of processing, storing or destroying the personal health information or providing the custodian with information management or information technology services.
52(3)A custodian that wishes to provide personal health information to an information manager shall enter into a written agreement with the information manager, in accordance with the regulations, that provides for the protection of the personal health information against risks such as unauthorized access to or use or disclosure, secure destruction or alteration of the information.
52(4)An information manager who enters into a written agreement under subsection (3) shall comply with
(a) the duties imposed on the information manager under the agreement, and
(b) the same requirements concerning the protection, retention and secure destruction of personal health information that the custodian is required to comply with under this Act.