HIPA (SK)
Health Information Protection Act (Saskatchewan)
Saskatchewan's health privacy law for trustees of health information
Saskatchewan's Health Information Protection Act (HIPA) governs how trustees collect, use, disclose, and safeguard personal health information. It was one of the earliest provincial health privacy laws and was strengthened with significantly higher penalties for snooping and unauthorized disclosure. Saskatchewan requires dual compliance with both HIPA and PIPEDA.
Who must comply with HIPA (SK)?
Trustees under HIPA include the Saskatchewan Health Authority, physicians, pharmacists, regulated health professionals, and government health bodies. Information management service providers acting for a trustee are subject to HIPA through agreement.
Not sure if HIPA (SK) applies? Run a free assessment →
Key obligations under HIPA (SK)
Trustee Duty of Care
Trustees must protect the personal health information in their custody or control and use it only for authorized purposes.
Need-to-Know Access
Limit employee and agent access to personal health information strictly to what their duties require.
Consent & Permitted Use
Use and disclose personal health information with consent or as specifically permitted by HIPA.
Data Minimization
Collect and use the least amount of personal health information needed for the purpose.
Breach Response
Take reasonable steps on a privacy breach, including notifying affected individuals; the OIPC actively investigates snooping.
Information Management Agreements
Written agreements govern any third party that stores or processes health information for a trustee.
Penalties & enforcement
HIPA penalties were sharply increased to deter snooping, after repeated cases of staff accessing records without authorization.
Run a free HIPA (SK) gap assessment
Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with HIPA (SK) — in under 3 hours. Free forever.
Start free assessment