Healthcare | Alberta, Canada | In force April 1, 2001

Health Information Act (Alberta)

Alberta's health privacy law for custodians and affiliates

Overview

Alberta's HIA governs the collection, use, and disclosure of health information by health information custodians. It applies to providers within the Alberta health system including AHS, regional health authorities, physicians, dentists, pharmacists, and optometrists. The 2018 amendments added breach notification requirements and new digital health provisions.

Authority: Office of the Information and Privacy Commissioner of Alberta (OIPC)
Jurisdiction: Alberta, Canada
Effective date: April 1, 2001
Applicability

Who must comply with HIA (Alberta)?

Health information custodians in Alberta — regulated health professionals, health authorities, facilities, pharmacies, and persons authorized under HIA to collect health information. Health tech companies acting as affiliates of custodians are also covered.

Compliance scope
Your organization collects personal information
You operate in the applicable jurisdiction
Commercial activities are involved
You use or disclose personal data

Requirements

Key obligations under HIA (Alberta)

Consent Framework

Use health information only for purposes for which it was collected, treatment purposes, or purposes permitted by HIA without consent.

Electronic Health Record Access

Custodians participating in Alberta Netcare must follow AHS/OIPC guidance on authorized access and audit logging.

Research Use

Health information research requires IPC approval or a research ethics board approval plus specific safeguards.

Breach Notification

Report to the OIPC and to affected individuals any breach that creates a real risk of significant harm. Keep a breach register.

Affiliate Agreements

Custodians must have written HIA affiliate agreements with anyone who handles health information on their behalf.

Retention & Destruction

Health records must be retained for 10 years from last contact (2 years for minors reaching majority). Secure destruction required.

Enforcement

Penalties & enforcement

Maximum penalty: $200,000 per offence for custodians
Enforced by: OIPC Alberta
Notable case

An Alberta physician was fined after accessing patient records of personal acquaintances without authorization (2019)

How Canuckt keeps you penalty-free:
Alberta HIA gap assessment covering custodian, affiliate, and provincial health authority obligations
Affiliate agreement templates compliant with current OIPC guidance for health IT vendors
Breach response workflow aligned with Alberta HIA mandatory notification requirements
Health information retention schedule builder with HIA-specific timelines pre-loaded

Run a free HIA (Alberta) gap assessment

Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with HIA (Alberta) — in under 3 hours. Free forever.
