Personal Health Information Privacy and Access Act- New Brunswick, Part-11

In today’s article we discuss the practices, policies, procedures and security provisions that apply to personal health information under PHIPAA, under the following heads:

Information Practices

A custodian shall establish and implement information practices in order to facilitate the implementation of PHIPAA and to ensure compliance with it. The Act provides for the designation of a person to assist in ensuring compliance with PHIPAA, to respond to inquiries about the custodian’s information practices and to receive complaints from the public about any alleged contravention of this Act or its regulations by the custodian.

The custodian shall notify the individual to whom the information relates and the ombud, in the manner prescribed by the regulations and at the first reasonable opportunity, if personal health information is stolen, lost, disposed of (except as permitted under PHIPAA) or disclosed to or accessed by an unauthorized person. The Act further asks the custodian to promote openness and transparency of its policies and procedures to the public.

Security Safeguards

PHIPAA mandates that a custodian protect personal health information by adopting information practices that include reasonable administrative, technical and physical safeguards that ensure the confidentiality, security, accuracy and integrity of the information.

The above-mentioned provision shall be based on nationally and jurisdictionally recognized information technology security standards and processes, appropriate for the level of sensitivity of the personal health information to be protected.

The Act further provides that a custodian shall implement controls that limit the persons who may use personal health information maintained by the custodian to those specifically authorized by the custodian to do so.

The Act also provides for controls to ensure that personal health information maintained by the custodian cannot be used unless the identity of the person seeking to use the information is verified as a person the custodian has authorized to use it, and the proposed use is verified as being authorized under this Act.

Where a custodian uses electronic means to request disclosure of personal health information, the custodian is mandated to implement procedures to prevent the interception of the information by an unauthorized person. Further, agents of the custodian must ensure adherence to the safeguards.

Power to transform personal health information 

A custodian may strip, encode or otherwise transform personal health information in order to create or produce de-identified information. 

Picture Credit- https://healthitsecurity.com/