Health Information Act (HIA)

The Health Information Act (HIA) establishes rules to protect the privacy of an individual's health information. It also regulates how health information can be collected, used and disclosed. When health professionals access Alberta Netcare, it is considered to be “using” health information, so they must follow the rules set out by the HIA.           

The HIA requires custodians (either named health care organizations or named professions in the Health Information Regulation) and affiliates (employees, volunteers, contractors and other authorized people who work for a custodian) to only collect, use and disclose health information in the most limited manner, with the highest degree of anonymity possible and on a need-to-know basis.

  • A training session “Health Information Act (HIA) for Alberta Netcare Users” is available for your review and can be found here.


Health Information Act Guidelines and Practices Manual

Designed as a reference tool to help custodians and affiliates apply and administer the Act. 

Alberta Electronic Health Record Regulation

Establishes the requirements for access to the Alberta Netcare Electronic Health Record (EHR). 

Roles & Responsibilities Quick Reference to learn more on how the HIA affects you as an Alberta Netcare user.

What is the HIA?

The provincial Health Information Act (HIA) establishes the rules that must be followed for the collection, use, disclosure and protection of health information. It balances the protection of privacy with enabling health information to be shared where appropriate. The HIA sets out the rules that help to protect individuals’ privacy through Alberta Netcare Masking.

Who is a custodian?

According to the HIA, a custodian includes:
  • Hospital boards, nursing home operators, provincial health boards, etc
  • Health care providers that provide health services
  • Licensed pharmacy and/or pharmacist
  • Health care professionals that are designated under the Health Information Regulation

Who is an affiliate?

According to the HIA, an affiliate includes:
  • Employees of a custodian
  • Any person that performs a service for a custodian (agent, appointee, volunteer or student)
  • Health care providers who can admit/treat patients at hospitals and other health care practitioners with formal access to hospital resources

What is the Alberta Netcare Electronic Health Record (EHR)?

The Alberta Netcare EHR is a secure integrated record of an Albertan’s key health information.  It is designed to give authorized health care providers across the province access to a patient’s health information such as:
  • lab test results
  • diagnostic imaging reports
  • medications
  • allergy and intolerance information
  • personal demographic information

The Alberta Netcare EHR is a highly secure system that can only be accessed by authorized health care providers for treatment and care purposes. Those who access the Alberta Netcare EHR are required to comply with security measures and respect the privacy of health information.

Can any health care provider access an individual's EHR?

No. For security purposes, special authorization is required for health care providers to access the Alberta Netcare EHR. User access is restricted based on their role and profession.  
  • Authorized health care providers are asked for their unique usernames and passwords every time they access Alberta Netcare.
  • The security controls utilized for the Alberta Netcare EHR are based on legislative requirements, security industry best-practices and standards of practice.
  • Any access to the Alberta Netcare EHR is logged to an access log. These logs are audited monthly.  
  • Anyone who knowingly collects, uses, or discloses health information inappropriately could be subject to fines and disciplinary measures.

Who is an authorized health care provider?

An authorized health care provider is an authorized custodian or their affiliates who works at an authorized health care facility and has been granted access to Alberta Netcare for direct patient care. The facility must have completed privacy (PIA) and security assessments (p-ORA) prior to Alberta Netcare being deployed.

How do I know if a patient's EHR is masked?

In Alberta Netcare Portal, the patient's EHR will have a “lock” icon next to the individual’s name. This indicates that their EHR is masked. It is not necessary to actually view an individual’s lab and other data in order to determine if a mask has been set.

Additional HIA-related documents are available in Alberta Health's Acts and Regulation section. Use this link to monitor changes and updates to the HIA and other related topics here.