Government of New Brunswick

Overview of legislation

The privacy and protection of your personal health information is a priority in New Brunswick. When you receive health services, you have a right to expect the appropriate use and safe keeping of your personal health information.

The Personal Health Information Privacy and Access Act (PHIPAA) provides a set of rules that protects you privacy and the confidentiality of you personal health information. At the same time, the Act ensures that information is available, as needed, to provide health services to those in need and to monitor, evaluate and improve the health system in New Brunswick.

Department of Health Privacy Notice

A condensed version of the privacy notice which highlights how the Department of Health will protect your personal privacy under privacy legislation is available here.

The full version of the privacy notice which provides further detail on how the Department of Health will protect your personal privacy is also available here.

Questions and Answers

Below are some frequently asked questions about the Personal Health Information Privacy and Access Act. A detailed Q&A is also available here.

For custodians, a detailed list of questions and answers are available here.

What kind of information will be covered under the PHIPPA Act?

PHIPAA applies to personal health information held by any custodian in New Brunswick, regardless of format. Personal health information is defined in part as identifying information about an individual pertaining to that person’s mental or physical health, family history or health care history. This includes:

  • genetic information;
  • registration information, including the Medicare number of the individual;
  • information that relates to the provision of health care to the individual;
  • information about payments or eligibility for health care or health-care coverage in respect of the individual;
  • information pertaining to a donation by the individual of any body part or bodily substance;
  • information derived from the testing of a body part or bodily substance of the individual; and
  • information that identifies the individual’s health-care provider or substitute decision maker. 

All parts of PHIPAA apply equally to information regardless of form, including information that is oral, written or photographed. It applies to information recorded or stored in media such as paper, microfilm, X-rays and electronic records. Examples of personal health information include:

  • a medical record held by a physician;
  • a patient record held by a hospital;
  • X-rays and images of an individual;
  • registration information (Medicare number and other information such as an individual’s name and date of birth) held by the Department of Health to register individuals for insured services; and
  • records of prescriptions filled by a pharmacist.

What is a “custodian”? To whom does the PHIPPA act apply?

PHIPAA applies generally to a group of stakeholders throughout the health system and government referred to as “custodians.”

The act defines a custodian as an individual or organization that collects, maintains or uses personal health information for providing or assisting in the provision of health care or treatment or the planning and management of the health-care system or delivering a government program or service.

Examples include: the Department of Health; regional health authorities; hospitals; health-care providers (for example, physicians, dentists, nurses, pharmacists); public bodies (including but not limited to government departments and Crown corporations); ambulance operators; and individuals or organizations known as information managers that manage personal health information on behalf of another custodian.

What are my individual rights under PHIPAA?

PHIPAA identifies specific rights for individuals with respect to their personal health information. Your rights are important because they ensure that you will be involved in decisions about your personal health information.

You have the right to:

  • be informed about the purpose for the collection and the anticipated uses and disclosures of your personal health information;
  • withhold or withdraw consent for the collection, use and disclosure of your personal health information except in specific circumstances outlined in the Act;
  • designate another person to make decisions about your personal health information;
  • request to examine or receive a copy of your personal health information and request correction of your personal health information once you have examined it;
  • refuse to provide your Medicare number to any person or organization that collects the information as identification for a non-health service;
  • make a complaint to the Information and Privacy Commissioner about a custodian’s decision with respect to your request to access or correct your record or with respect to a custodian’s information practices;
  • appeal or refer a matter to court;
  • be informed if your personal health information has been lost, stolen or otherwise inappropriately destroyed, disclosed to or accessed by an unauthorized person where it is reasonable to conclude that this could identify or otherwise harm you.