What is the Alberta Health Information Act (Alberta HIA)?

The Alberta Health Information Act (HIA) is the provincial law governing the collection, use, and disclosure of health information in Alberta. It applies t…

Definition

Alberta HIA was first enacted in 2001 and has been amended periodically. It establishes a privacy framework specific to health information that interacts with (but is distinct from) the Personal Information Protection Act (Alberta PIPA), which governs personal information generally.

Custodians under HIA include physicians, nurse practitioners, dentists, pharmacists, optometrists, chiropractors, midwives, and various health authorities and primary care networks. They have specific duties under the Act around collection, use, disclosure, accuracy, retention, and security of health information.

Notable HIA features include the Alberta Electronic Health Record framework (Netcare and related systems), specific consent and notification rules, and the role of the Office of the Information and Privacy Commissioner (OIPC) in oversight, complaint investigation, and breach assessment.

Core components

  • Custodians. Healthcare providers, regional health authorities, primary care networks, pharmacies, and others defined under the Act.
  • Affiliates. Persons employed by, providing services to, or under the control of a custodian. MSPs serving custodians often operate as affiliates with corresponding obligations.
  • Health information. Diagnostic, treatment, and care information; registration information about an individual; combined with identifying information about an individual.
  • Information manager agreement. Required when a custodian retains a person to provide information management services.
  • Privacy Impact Assessment (PIA). Required for new health information systems and substantial changes to existing systems. The Office of the Information and Privacy Commissioner reviews PIAs.
  • Breach notification. HIA was amended in 2018 to require mandatory breach notification to the OIPC and affected individuals when there is a risk of harm.

Why it matters

For Alberta-based healthcare custodians, HIA compliance is a legal requirement enforceable by the Office of the Information and Privacy Commissioner.

For MSPs serving Alberta healthcare clients (Calgary primary care networks, dental practices, family medicine clinics, pharmacy groups, specialty clinics), the MSP typically operates as an Affiliate under HIA. The MSP's technical and operational practices are part of the custodian's HIA compliance picture.

The Alberta privacy regime has multiple layers: HIA for health information, Alberta PIPA for private-sector personal information generally, and federal PIPEDA where federal-jurisdiction work is involved. Lavawall® bundles these into the Canadian privacy framework so they aren't charged or maintained separately.

How Lavawall® helps with the Alberta Health Information Act (Alberta HIA)

Lavawall® includes Alberta HIA as a first-class framework alongside BC HIA, the Canadian privacy bundle (PIPEDA + Alberta PIPA + BC PIPA + Quebec Law 25), and 12+ other frameworks. Continuous endpoint and cloud evidence supports the Act's technical safeguards expectations.

ThreeShield, the Calgary-based audit firm that built Lavawall®, has been serving Calgary-area Primary Care Networks, family medicine clinics, dental practices, pharmacy groups, and specialty clinics for over a decade. The Alberta HIA control mapping reflects what the OIPC actually examines in PIAs and complaint investigations.

For Alberta MSPs serving healthcare, Lavawall® produces the technical-safeguards evidence the custodian needs and the affiliate-relationship documentation the Act expects.

Frequently asked

Is Alberta HIA the same as HIPAA?
No. HIPAA is US federal law; Alberta HIA is Alberta provincial law. Both govern health information privacy and security but with different specific requirements. Cross-border healthcare work typically engages both.

Is Alberta HIA the same as Alberta PIPA?
No. Alberta PIPA covers personal information in private-sector contexts generally; Alberta HIA covers health information specifically. They overlap and can apply concurrently.

Does HIA require breach notification?
Yes. Since the 2018 amendments, mandatory breach notification to the OIPC and affected individuals is required when there is a risk of harm.