BLG BUSINESS VENTURE CLINIC
  • Home
  • About
  • Clients
  • Resources
    • Links
    • Videos
  • Blog
  • Contact
    • Clinic Schedule

BLOG POSTS

What Personal Health Information Can Businesses Collect?

3/30/2022

0 Comments

 
What Personal Health Information Can Businesses Collect?

Written by Carolee Changfoot

As COVID starts to plateau in Canada and restrictions lift, I reflect on the last two years and the role health innovation has played in our lives. We have had several medical innovations such as mRNA vaccinations, new COVID treatment medications, and the rise of telehealth.[1] Health and Fitness Apps saw a 47% increase in adoption as COVID spread globally in 2020.[2] Additionally, funding for digital health start-ups hit a record breaking $57.2 billion last year, a 79% increase from 2020.[3]

COVID highlighted just how important our health is. Many businesses seem to recognize this as the global mobile health app market is expected to grow 11.8% from 2022 to 2030.[4] With more businesses expecting to work with health data, it is important for businesses to understand their expectations around collecting and protecting personal information.

This blog post is not legal advice but describes some of the requirements private businesses face when collecting personal information.

National Requirements

The Personal Information Protection and Electronic Documents Act (PIPEDA) establishes national limits on the collection of personal information.[5] PIPEDA applies to every organization that collects, uses or discloses personal information in the course of commercial activities.[6]
 
PIPEDA defines “personal information” as information about an identifiable individual.[7] Medical records are considered sensitive information.[8]

Organizations must identify the purpose for which the information is to be used at or before the time the information is collected.[9] The purpose must be specified at or before the time of collection to the individual whose information is being collected.[10] Organizations must make a reasonable effort to ensure that the individual understands the purpose for which their information is to be used.[11]
 
The knowledge and consent of the individual whose personal information is collected is required for the collection, use or disclosure of personal information.[12] Consent in regards to sensitive information, like medical information, must be expressly given.[13]
 
If the business changes how they plan to use the personal information, that business must communicate the new purpose to the individuals whose personal information has been collected and must obtain their express consent before their information can be used for the new purpose.[14]
 
Further, an individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.[15] The organization shall inform the individual of the implications of such withdrawal.[16]

Provincial Requirements 

In addition to PIPEDA, the provinces have established additional requirements through provincial legislation. The collection, use, and disclosure of private information in Alberta is governed by Alberta’s Personal Information Protection Act (AB PIPA) and Alberta’s Health Information Act (HIA).[17]  

AB PIPA defines “personal information” as identifiable information.[18] The collection, use, and disclosure of personal information requires the consent of the individual whose information is being collected, used and disclosed.[19] Personal information can only be collected for purposes that are reasonable.[20] The purpose must be communicated to the individual whose information is collected at or before the time the information is collected.[21] It is relevant to note that only organizations classified as “custodians” under the Health Information Act and the regulations made under it are authorized to collect an individual’s personal health number.[22] The definition of custodian does not include a private business or organization.[23]

Footnotes:

[1] COVID Drugs; COVID Vaccines; Rise of Telehealth
[2] Fitness App Growth Q2 2020
[3] 2020 Fitness Health Funding
[4] mHealth App Market Growth Expectations
[5] Privacy Commissioner of Canada, PIPEDA in Brief
[6] S. 4 Personal Information Protection and Electronic Documents Act
[7] S. 2 Personal Information Protection and Electronic Documents Act
[8] Schedule 1 - S. 4.2.3, Personal Information Protection and Electronic Documents Act
[9] Schedule 1 - S. 4.2, Personal Information Protection and Electronic Documents Act
[10] Schedule 1 - S. 4.2.3, Personal Information Protection and Electronic Documents Act
[11] Schedule 1 - S. 4.3.2, Personal Information Protection and Electronic Documents Act
[12] Schedule 1 - S. 4.3, Personal Information Protection and Electronic Documents Act
[13] Schedule 1 - S. 4.3.6, Personal Information Protection and Electronic Documents Act
[14] Schedule 1 - S. 4.2.4, Personal Information Protection and Electronic Documents Act
[15] Schedule 1 - S. 4.3.8, Personal Information Protection and Electronic Documents Act
[16] Schedule 1 - S. 4.3.8, Personal Information Protection and Electronic Documents Act
[17] S. 2, Health Information Act
[18] S.1, Alberta Privacy Information Protection Act
[19] S.7(1), Alberta Privacy Information Protection Act
[20] S.11, Alberta Privacy Information Protection Act
[21] S.13, Alberta Privacy Information Protection Act
[22] S.21(1), Health Information Act
[23] S. 1(1)(f), Health Information Act
​
0 Comments



Leave a Reply.

    BVC Blogs

    Blog posts are by students at the Business Venture Clinic. Student bios appear under each post.

    Categories

    All
    ABCA
    Agreements
    Civil Liability
    Confidentiality
    Contractor
    Contracts
    Directors
    Dispute Resolution
    Employee
    Employment Law
    Force Majeur
    Incorporation
    Indemnification
    Jurisdiction
    Licensing
    Non-Compete
    Patents
    Security Interests
    Shareholder Agreement
    Software
    Startup
    USA
    Warranties

    RSS Feed

    Archives

    February 2023
    January 2023
    November 2022
    October 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    August 2020
    May 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    April 2019
    March 2019
    February 2019
    January 2019
    November 2018
    October 2018
    May 2018
    April 2018
    March 2018
    February 2018
    November 2017
    October 2017
    August 2017

Terms and Conditions | Privacy Statement
 © 2019 University of Calgary. All rights reserved.
  • Home
  • About
  • Clients
  • Resources
    • Links
    • Videos
  • Blog
  • Contact
    • Clinic Schedule