We see you are using Internet Explorer. Some functions of this site do not function properly with Internet Explorer. The site works best on updated browsers such as Edge, Chrome, and Firefox.

Staying Compliant: Health Information Act Must-Dos for Alberta Health Professionals

Blog Categories

Arbitration

Business Law

Commentary

Commercial Litigation

Condominium Law

Construction Litigation

COVID-19 Resources

Cryptocurrency

Employment Law

Estate Administration

Estate Litigation

Health Law

News

Personal Injury & Negligence

Wills & Estates

CW-triangle
Fiona Balaton, Sarah Barker

March 24, 2026

Dentist tools and records

Health care in Alberta is subject to stringent privacy legislation. Alberta’s Health Information Act (HIA) is designed to protect personal health information by regulating how personally identifiable health information is collected, used, and shared.

As a physician, dentist, optometrist, podiatrist, pharmacist, physiotherapist, or other regulated health professional designated under section 1(1)(f) of the HIA and the Health Information Regulation, you are a custodian of health information. This means that the responsibility of ensuring compliance with the HIA in the handling of identifiable health information falls to you.

Health care professions, particularly those operating their own clinics, must understand their obligations as a custodian and ensure compliance with the HIA. These obligations include:

  1. Having policies and procedures in place to address breaches of health information and ensure proper reporting as required. Privacy breaches must be reported to the Office of the Information & Privacy Commissioner (OIPC) where there is a risk of harm to an individual as a result of the loss or unauthorized access or disclosure of identifiable health information.
  2. Determining when Privacy Impact Assessments (PIA) are required. In certain situations custodians under the HIA must complete a PIA and submit it to the OIPC.
  3. Having appropriate Information Management Agreements in place with any third parties managing identifiable health information.
  4. Having policies and procedures in place for health information access requests from patients, as well as policies and procedures that address the release of health information to third parties.
  5. Having policies and procedures in place for the storage and transfer of health information.
  6. Having properly drafted consent forms for the collection, use and sharing of health information.
  7. Having properly drafted agreements for employees, independent contractors and students which contemplate privacy and the security of health information.
  8. Providing ongoing training on privacy and security of health information.
  9. Properly identifying your affiliates under the HIA and ensuring their practices are also in compliance with the HIA.

As a regulated health professional, managing compliance with the HIA is an ongoing part of practice. Getting advice early can help you meet your obligations confidently and avoid problems before they arise.

Carbert Waite LLP’s Health Law group is one of the largest in Western Canada. Reach out to receive clear, practical advice on navigating your obligations under the HIA and ensuring your practice is and remains compliant.

Authors

Fiona Balaton

Fiona Balaton

Associate – Health Law Group
T: 403.705.3667
E: [email protected]

View Profile
Sarah Barker

Sarah Barker

Partner – Health Law Group
T: 403.705.3687
E: [email protected]

View Profile