|(includes any amendments and implementing regulations)||Type of Personal Information Governed by the Law||Jurisdiction|
|Health Insurance Portability and Accountability Act of 1996, P.L. 104-191 *||Protected Health Information||United States|
|Health Information Technology for Economic and Clinical Health Act of 2009, P.L. 111-5, Title XIII (amends HIPAA)||Health Information and Individually Identifiable Health Information||United States|
|Personal Information Protection Act, SBC 2003, c. 63||Personal Information (including that relating to the mental or physical health of individuals)||British Columbia|
|Health Information Act, RSA 2000, c. H-5||Health Information||Alberta|
|Health Information Protection Act, SS 1999, c. H-0.021||Personal Health Information||Saskatchewan|
|Personal Health Information Act, CCSM, c. P33.5||Personal Health Information||Manitoba|
|Personal Health Information Protection Act, SO 2004, c. 3, Sch. A||Personal Health Information||Ontario|
|Personal Health Information Act, SNL 2008, c. P-7.01||Personal Health Information||Newfoundland and Labrador|
|Health Information Act, RSPEI 1988, c. H-1.41||Personal Health Information||Prince Edward Island|
|Personal Health Information Act, SNS 2010, c. 41||Personal Health Information||Nova Scotia|
|Health Information Privacy and Management Act, SY 2013, c. 16||Personal Health Information||Yukon|
|Personal Information Protection and Electronic Documents Act, SC 2000, c. 5||“An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions….” Note that Personal Health Information is expressly excluded from Part 1 (“Protection of Personal Information in the Private Sector”).||Canada|
|Digital Privacy Act, SC 2015, c. 32 (amends PIPEDA)||Personal Information||Canada|
|Canada’s Anti-Spam Legislation, S.C. 2010, c. 23||“An act to promote… the economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities….” Requires express or implied consent to send commercial electronic messages (e.g., emails, texts and instant messages).||Canada|
* Note: HIPAA is a federal law and is the default law that applies in each state. A state can choose to make stricter laws about one or more aspects of protecting PHI. In that case, the state law will apply. Where the state law is less protective, HIPAA will apply.