EMRs and privacy

The Personal Health Information Act (PHIA) directs the collection, use, disclosure, retention and discarding of personal health information that is contained in an electronic medical record (EMR).

PHIA identifies both the rights of individuals to protect their personal health information and the need of custodians to collect, use and disclose personal health information in health care. Most EMR users in Nova Scotia today are community-based physicians and are therefore considered to be “custodians” under the PHIA legislation.

Custodian is a term PHIA uses to describe those who have custody and control of personal health information. 

Custodian Safeguards

Under PHIA regulations, custodians must implement additional safeguards for personal health information held in a custodian’s electronic information system:

  1. Protection of network infrastructure, including physical and wireless networks, to ensure secure access
  2. Protection of hardware and its supporting operating systems to ensure that the system functions consistently and only those authorized to access the system have access
  3. Protection of the system’s software, including the way it authenticates a user’s identity before allowing access

In addition, the regulations state a “custodian must create and maintain written policies to support and enforce the implementation of the safeguards.”


Nichole Elizabeth
Legal counsel and chief privacy officer