HealthcareBritish Columbia, CanadaIn force Partially in force (expanding)

HIIA (BC)

Health Information and Innovation Act (British Columbia)

BC's modernized health data governance framework

Run HIIA (BC) assessment ← All frameworks

Overview

BC is modernizing its health information governance through the HIIA, which will create a comprehensive framework for health information stewardship, data trusts, and the trusted digital identity of patients. The legislation addresses how health information is collected, used, shared, and governed in BC's public health system and by private custodians.

Authority

Office of the Information and Privacy Commissioner for BC

Jurisdiction

British Columbia, Canada

Effective date

Partially in force (expanding)

Applicability

Who must comply with HIIA (BC)?

Health sector custodians in BC including health authorities, physicians, pharmacists, dentists, and private health technology companies that handle personal health information about BC residents.

Compliance scope

Your organization collects personal information

You operate in the applicable jurisdiction

Commercial activities are involved

You use or disclose personal data

Not sure if HIIA (BC) applies? Run a free assessment →

Requirements

Key obligations under HIIA (BC)

Health Data Stewardship

Organizations must implement governance frameworks for how health data is curated, accessed, and used responsibly.

Consent Management

Collect and record consent for health information use cases beyond primary care, including research and quality improvement.

Cross-border Data Residency

BC has strict data residency requirements — health information about BC residents must generally remain in Canada.

Digital Identity Integration

Align with BC Services Card digital identity standards for patient authentication and access management.

Data Trust Participation

Organizations contributing data to provincial health data trusts must meet specific stewardship and de-identification standards.

Breach Response

Mandatory breach notification to the OIPC BC and affected individuals when health information is compromised.

Enforcement

Penalties & enforcement

Maximum penalty

$500,000 for organizations (FIPPA/PIPA enforcement)

Enforced by: OIPC British Columbia

How Canuckt keeps you penalty-free:

BC health information compliance assessment covering current PIPA requirements and HIIA readiness

Data residency policy builder for BC's strict health information geography requirements

OIPC BC breach notification workflow for health information incidents

Health data governance framework template aligned with BC health authority standards

Frameworks that often overlap with HIIA (BC)

Privacy

PIPA (BC)

BC's private-sector privacy law — recognized as substantially similar to PIPEDA

Healthcare

PHIPA

Ontario's health privacy law — governing all PHI custodians

Privacy

PIPEDA

Canada's federal private-sector privacy law

Run a free HIIA (BC) gap assessment

Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with HIIA (BC) — in under 3 hours. Free forever.

Start free assessment

No credit card

Results in hours

Canadian data residency