The Ten Privacy Principles
Health regulation builds upon and codifies many of the existing high standards and protections found in the common law, and various professional codes, policies and guidelines.
Most privacy legislation in the world is based on these ten privacy principles:
| Privacy Principle | Requirement |
|---|---|
| Accountability | Designate a contact person to assist you in meeting your privacy obligations, and to deal with any access requests, privacy-related inquiries and complaints, and Commissioner investigations |
| Identifying Purposes | Inform your patients of the purposes for which their personal health information is collected, used and disclosed, unless otherwise exempted |
| Consent | Rely on implied consent, where appropriate, or obtain express consent from your patients when collecting, using or disclosing their personal health information, unless otherwise exempted |
| Limiting Collection | Limit your collection of personal health information to that which is necessary for the identified purposes or for purposes that the Act permits or requires |
| Limiting Use and Disclosure | Limit your use and disclosure of personal health information to the identified purposes, unless you obtain further consent or your use or disclosure is permitted or required by law |
| Accuracy | Take reasonable steps to ensure that your patients’ personal health information is as accurate, complete and up-to-date as is necessary for the purposes for which you use or disclose it. Tell the person to whom you disclose information of limitations on the accuracy, completeness or up-to-date character of the information. |
| Safeguards | Implement appropriate technical, administrative and physical safeguards to protect your patients’ privacy and the confidentiality of their personal health information. Ensure your staff are informed of privacy and confidentiality requirements. |
| Openness | Develop and make available a written statement on your information practices (e.g., your collection, use and disclosure of personal health information) |
| Access | In a timely manner, give your patients access to, and the ability to correct, their personal health records if they meet the requirements of the Act |
| Challenging Compliance | Develop simple complaint procedures to allow individuals to challenge your privacy practices |