Yukon Information and Privacy Commissioner
Access to Information and Protection of Privacy (ATIPP)
What are my privacy rights under ATIPP?
ATIPP contains rules that a public body must follow when it wants to collect, use or disclose your personal information. These rules establish your right to privacy under ATIPP.
A public body
- can only collect your personal information if a law authorizes the collection, if the information is for law enforcement, or it is necessary for operating a program or activity of the public body;
- must tell you the purpose for collecting your personal information, its authority for collection, and provide you with the business title, address and telephone number of one of its officers or employees who can answer your questions about the collection;
- can only use your personal information for the purpose it was collected, for a consistent purpose, or with your consent for another purpose;
- can only disclose your personal information for the purpose for which it was collected, for a consistent purpose, with your consent, or for the other specified purposes in sections 36 and 38 of ATIPP;
- may, at your request, correct inaccurate personal information it holds and if it refuses, it must make a note showing the correction you requested;
- must make reasonable security arrangements to protect your personal information from such risks as accidental loss or alteration, and unauthorized access, use, disclosure or disposal.
What can I do if I have a concern that my privacy rights have been violated?
If you are concerned your privacy rights have been violated you can contact our Office and make a complaint or request a review by the Information and Privacy Commissioner.
How do I make a complaint or request a review?
Complete the Request for Review/Complaint Form and submit it to our office via fax, in person or by mailing it to the following address:
Office of the Information and Privacy Commissioner
Suite 201 - 211 Hawkins Street
Whitehorse, Yukon, Y1A 1X3
Phone: 867-667-8468 ext. 2
Office hours are Monday to Friday 8:30 A.M. to 4:30 P.M.
You can also obtain the form by contacting our Office.
- What is a custodian?
‘Custodian’ is a key term in HIPMA. This is an authorized person who may collect, use and disclose personal health information only in accordance with the legislation. Custodians include most health care providers, operators of hospitals and health facilities, the Yukon Government Department of Health and Social Services, the Department of Community Services Yukon Emergency Medical Services program, the Kwanlin Dun First Nation Health Centre, the Many Rivers Counselling and Support Services Society, and the Child Development Centre.
‘Health care providers’ are also defined. They include physicians, nurses, pharmacists, chiropractors, optometrists, dentists and related professionals, psychologists, occupational therapists, midwives, naturopaths, and speech language pathologists, as well as individuals defined in the Health Professions Act, such as physiotherapists.
‘Health facility’ is a defined term and includes medical clinics, community health centres, dental clinics, medical laboratories, specimen collection centres, pharmacies, nursing homes and other continuing or long-term care facilities.
- Do I have the right to access my personal health information?
Yes. Under HIPMA, you have the right to access your personal health information held by a custodian (see ‘What is a custodian?’).
Personal health information includes:
- information related to your health or health care provided to you;
- records of payments for your health care;
- information related to your donation of body parts, tissue or bodily substances; and
- information about testing or examinations that you have undergone.
- What is a ‘record of user activity’?
Electronic information systems used by custodians should have a ‘user-based’ capability to track access to any information within that system. This means that the system can differentiate between users, usually by the login credentials assigned to each user. Every time a custodian or one of their employees accesses your personal health information, they must each use their own login and the system records this access.
A ‘record of user activity’ is the record generated by the system that identifies who has accessed your personal health information. HIPMA gives you the right to request access to this record and the custodian is not allowed to charge you a fee to provide you with it.
You would request access to a record of user activity from a custodian in the same way you would request access to other personal health information from them (see ‘How do I request access to my personal health information?’).