Yukon Information and Privacy Commissioner
Your Rights under Yukon's Access and Privacy Laws
There are two access and privacy laws in Yukon. They are the Health Information Privacy and Management Act and the Access to Information and Protection of Privacy Act.
The Health Information Privacy and Management Act (HIPMA)
HIPMA applies to custodians and establishes a set of rules that custodians must follow in providing access to and protection of personal health information that they hold.
Custodians include most health care providers, operators of health facilities and hospitals, the Yukon Government Department of Health and Social Services, the Kwanlin Dun First Nation Health Centre, the Many Rivers Counselling and Support Services Society, and the Child Development Centre.
Health care providers include chiropractors, dentists and related professionals, optometrists, pharmacists, physicians, physiotherapists, nurses, psychologists, occupational therapists, midwives, naturopaths, and speech pathologists.
Health facilities include medical clinics, community health centres, dental clinics, laboratories, specimen collection centres, pharmacies, nursing homes, and long-term care facilities.
HIPMA also establishes a set of rights for individuals. Under HIPMA, you have the right to:
- examine or receive a copy of your personal health information, subject only to limited exceptions;
- request corrections of any inaccurate personal health information in a record held by a custodian;
- give or refuse your consent to the collection, use, or disclosure of your personal health information, except in certain specified circumstances;
- be informed of the reasons for the collection, use, and disclosure of your personal health information;
- withdraw your consent for any collection, use, or disclosure of your personal health information;
- subject to some limitations, expressly instruct that your personal health information not be used or disclosed for health care or other purposes without your consent;
- expect custodians to implement information practices that will protect your personal health information from unauthorized collection, use, access, disclosure, disposal or destruction, and other security breaches;
- be notified if you are at risk of significant harm as a result of a security breach involving your personal health information;
- complain to our Office if you are refused access to your personal health information or for any other violation of HIPMA if you reasonably believe a custodian or their agent* has acted contrary to HIPMA;
*An agent of a custodian includes their employees.
The Access to Information and Protection of Privacy Act (ATIPP)
ATIPP applies to public bodies and establishes rules that allow access to any records held by a public body, including access to an individual’s own personal information. It also establishes rules for privacy protection of any personal information held by a public body.
Public bodies include departments of the Yukon Government, Yukon Housing Corp., Yukon Lottery Corp., Yukon Liquor Corp., Yukon College, Workers Compensation Health and Safety Board, Yukon Hospital Corp., First Nation service authority, Child and Youth Advocate, and some boards, commissions and foundations established as an agent of government.
ATIPP also establishes a set of rights for individuals. Under ATIPP, you have the right to:
- access any record held by a public body, subject only to limited and specific exceptions;
- access your own personal information, also subject only to limited and specific exceptions;
- request the correction of inaccurate personal information;
- be informed of the purpose for the collection of your personal information;
- expect that public bodies will protect the privacy of your personal information according to the rules established by ATIPP for this protection;
- request the IPC to review:
- any action, omission, or decision by a public body that relates to your request for access to information including any refusal to provide you with access to a record or information in a record;
- a public body’s decision to release to another person your personal or business information in response to that person’s request to access this information;
- your complaint that a public body collected, used or disclosed your personal information contrary to ATIPP; and
- a refusal by a public body to correct inaccurate personal information;
- make a complaint to our office about any other contravention of the ATIPP Act by a public body in administering the ATIPP, including improper processing of an access to information request, a failure to adequately search for records or assist you in obtaining access to information, improper security of personal information or the potential for unauthorized collection, use, access, disclosure, or disposal or destruction of your personal information.
- What is a custodian?
‘Custodian’ is a key term in HIPMA. This is an authorized person who may collect, use and disclose personal health information only in accordance with the legislation. Custodians include most health care providers, operators of hospitals and health facilities, the Yukon Government Department of Health and Social Services, the Department of Community Services Yukon Emergency Medical Services program, the Kwanlin Dun First Nation Health Centre, the Many Rivers Counselling and Support Services Society, and the Child Development Centre.
‘Health care providers’ are also defined. They include physicians, nurses, pharmacists, chiropractors, optometrists, dentists and related professionals, psychologists, occupational therapists, midwives, naturopaths, and speech language pathologists, as well as individuals defined in the Health Professions Act, such as physiotherapists.
‘Health facility’ is a defined term and includes medical clinics, community health centres, dental clinics, medical laboratories, specimen collection centres, pharmacies, nursing homes and other continuing or long-term care facilities.
- Do I have the right to access my personal health information?
Yes. Under HIPMA, you have the right to access your personal health information held by a custodian (see ‘What is a custodian?’).
Personal health information includes:
- information related to your health or health care provided to you;
- records of payments for your health care;
- information related to your donation of body parts, tissue or bodily substances; and
- information about testing or examinations that you have undergone.
- What is a ‘record of user activity’?
Electronic information systems used by custodians should have a ‘user-based’ capability to track access to any information within that system. This means that the system can differentiate between users, usually by the login credentials assigned to each user. Every time a custodian or one of their employees accesses your personal health information, they must each use their own login and the system records this access.
A ‘record of user activity’ is the record generated by the system that identifies who has accessed your personal health information. HIPMA gives you the right to request access to this record and the custodian is not allowed to charge you a fee to provide you with it.
You would request access to a record of user activity from a custodian in the same way you would request access to other personal health information from them (see ‘How do I request access to my personal health information?’).