Healthcare logo

Canada | Healthcare and life sciences

PHIPA (Canada)

Healthcare data is protected by a number of privacy laws and regulations in Canada. In addition to the federal laws, Canadian provinces maintain their own privacy laws. In the province of Ontario, Canada, the Personal Health Information Protection Act (PHIPA) establishes general principles for the collection, use, and disclosure of personal health information (PHI). The legislation outlines comprehensive information practices for handling PHI including security, retention, and access.

While Google Cloud customers are responsible for their own due diligence we have developed a whitepaper that describes how Google Cloud leverages state-of-the-art data privacy and security capabilities to store, process, maintain, and secure customer data.In this paper, we explain these data protection features and how they align to many of the security and privacy practices organizations should consider when looking to comply with PHIPA. Furthermore, we engaged an independent third party to conduct a Privacy Impact Assessment (PIA) and Threat Risk Assessment (TRA) of Google Cloud to ease the process, cost and resources of conducting your due diligence.