CanucktAI
HomeFrameworksPHIA (NS)
HealthcareNova Scotia, CanadaIn force June 1, 2013

PHIA (NS)

Personal Health Information Act (Nova Scotia)

Nova Scotia's health privacy law for custodians of personal health information

Run PHIA (NS) assessment ← All frameworks
Overview

Nova Scotia's Personal Health Information Act governs how custodians collect, use, disclose, retain, and destroy personal health information in the province. It sets consent rules, mandates safeguards, and requires custodians to notify affected individuals — and in serious cases the Information and Privacy Commissioner — of privacy breaches. Nova Scotia is deemed substantially similar to PIPEDA for health information.

Authority
Information and Privacy Commissioner for Nova Scotia (OIPC NS)
Jurisdiction
Nova Scotia, Canada
Effective date
June 1, 2013
Applicability

Who must comply with PHIA (NS)?

Custodians in Nova Scotia include regulated health professionals, hospitals, the provincial health authority, pharmacies, and continuing-care facilities. Information managers and agents that handle personal health information on a custodian’s behalf are bound through written agreements.

Compliance scope
Your organization collects personal information
You operate in the applicable jurisdiction
Commercial activities are involved
You use or disclose personal data

Not sure if PHIA (NS) applies? Run a free assessment →

Requirements

Key obligations under PHIA (NS)

Knowledgeable Consent

Collect, use, and disclose personal health information only with the individual’s knowledgeable consent, except where the Act permits otherwise (such as within a circle of care).

Limiting Principle

Collect, use, and disclose only as much personal health information as is reasonably necessary for the purpose.

Safeguards

Protect personal health information with reasonable administrative, technical, and physical safeguards against loss, theft, and unauthorized access.

Breach Notification

Notify the affected individual at the first reasonable opportunity, and the OIPC where a breach could cause harm or embarrassment.

Right of Access & Correction

Individuals can request access to their own health record and ask for corrections, with defined response timelines.

Information Manager Agreements

Written agreements are required before an information manager processes, stores, or destroys personal health information for a custodian.

Enforcement

Penalties & enforcement

Maximum penalty
Up to $10,000 (individual) / $50,000 (organization)
Enforced by: Information and Privacy Commissioner for Nova Scotia
Notable case

NS PHIA created specific offences for snooping — accessing a health record without authorization is a prosecutable act.

How Canuckt keeps you penalty-free:
PHIA (NS) gap assessment mapped to Nova Scotia custodian obligations and consent rules
Information-manager agreement template for vendors handling PHI on behalf of NS custodians
Breach workflow calibrated to OIPC Nova Scotia notification expectations
PHI data inventory across systems so you can prove the limiting principle is met
Related

Frameworks that often overlap with PHIA (NS)

Healthcare
PHIPA

Ontario's health privacy law — governing all PHI custodians

Privacy
PIPEDA

Canada's federal private-sector privacy law

Healthcare
PHIPAA (NB)

New Brunswick's combined health privacy and access law

Run a free PHIA (NS) gap assessment

Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with PHIA (NS) — in under 3 hours. Free forever.

Start free assessment
No credit card
Results in hours
Canadian data residency
PHIA Nova Scotia Health Privacy Compliance | Canuckt | Canuckt AI