PHIA (MB)
Personal Health Information Act (Manitoba)
Canada's first comprehensive health privacy law, governing Manitoba trustees
Manitoba's Personal Health Information Act was Canada's first comprehensive health privacy statute, in force since 1997. It gives individuals the right to access and correct their own health information and requires trustees to protect it, limit its use, and respond quickly to access requests. Manitoba requires dual compliance with both PHIA and PIPEDA.
Who must comply with PHIA (MB)?
Trustees under Manitoba PHIA include health professionals, hospitals, regional health authorities, personal care homes, and government health agencies that collect or maintain personal health information.
Not sure if PHIA (MB) applies? Run a free assessment →
Key obligations under PHIA (MB)
Right of Access
Individuals can access their own personal health information — trustees must respond within 24 hours for in-patients or 72 hours for those in current care, and within 30 days otherwise.
Correction Rights
Individuals can request corrections to their personal health information held by a trustee.
Limiting Use & Disclosure
Use and disclose personal health information only as authorized and only to the extent necessary.
Security Safeguards
Maintain reasonable administrative, technical, and physical safeguards over personal health information.
Breach Handling
Respond to privacy breaches and notify where there is a real risk of significant harm; the Manitoba Ombudsman oversees compliance.
Information Manager Agreements
Bind any information manager processing personal health information for a trustee through a written agreement.
Penalties & enforcement
As the first such law in Canada (1997), Manitoba PHIA shaped many of the health privacy concepts later adopted across the country.
Run a free PHIA (MB) gap assessment
Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with PHIA (MB) — in under 3 hours. Free forever.
Start free assessment