PHIA (NL)
Personal Health Information Act (Newfoundland & Labrador)
Newfoundland & Labrador's health privacy law for custodians
Newfoundland and Labrador's Personal Health Information Act governs the collection, use, disclosure, and protection of personal health information by custodians in the province. It requires consent, reasonable safeguards, and breach notification, and gives individuals access and correction rights. NL is deemed substantially similar to PIPEDA for health information.
Who must comply with PHIA (NL)?
Custodians in Newfoundland & Labrador include regulated health professionals, the regional health authorities, pharmacies, and long-term care operators. Information managers handling personal health information for a custodian are bound by written agreement.
Not sure if PHIA (NL) applies? Run a free assessment →
Key obligations under PHIA (NL)
Consent & Circle of Care
Rely on express or implied consent as the Act allows; implied consent supports sharing within the circle of care for treatment.
Limiting Collection
Collect, use, and disclose only the personal health information necessary for the purpose.
Safeguards
Apply reasonable administrative, technical, and physical safeguards to protect personal health information.
Breach Notification
Notify the affected individual, and the OIPC where there is a material risk of harm, when a breach occurs.
Access & Correction
Give individuals access to their own personal health information and a route to request corrections.
Information Manager Agreements
Put written agreements in place before an information manager processes or stores personal health information.
Penalties & enforcement
Run a free PHIA (NL) gap assessment
Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with PHIA (NL) — in under 3 hours. Free forever.
Start free assessment