Privacy Legislation in Health Care Home Page

Executive Summary

We came across some great introductory information from the Information Commissioner’s Office and have used it to put together a useful directory for privacy legislation in healthcare. 

Privacy is typically organized into the following categories: Bodily privacy (drug testing, genetic testing, airport scanners), Territorial privacy (home, workplace, public spaces), Communications privacy (telephone, video surveillance), and Information privacy (data stored in government and corporate databases).  

Informational privacy is the ability of a person to control the collection, use, disclosure and retention of his or her personal information. Intrusion can come in the form of the collection of excessive personal health information, the disclosure of personal health information without consent and misuse of such information. 

The Colleaga Healthcare Privacy Community of Practice is primarily concerned with presenting useful, practical information for those interested in the complex subject of informational privacy in healthcare.

We are interested in generating some discussion on this topic in our Healthcare Privacy Community. Please visit this space to join the conversation.


Privacy is crucial to the success of organizations in engendering trust from their users. Privacy laws set the ground rules for information management. Healthcare organizations and healthcare IT companies must comply with applicable privacy legislation to protect personal health information hosted or stored in their environment. Healthcare privacy legislation differs between jurisdictions and must adapt to the use of health information technologies. In Canada alone, there are more than 30 separate federal, provincial and territorial privacy laws in effect.

This article serves as a directory of country-based privacy legislation in healthcare; it also includes links to best practices in healthcare privacy. It is widely applicable both to healthcare organizations and to those looking to provide a service or IT product in the healthcare industry who want to understand their privacy obligations and are seeking answers to the following questions, and more:

  1. What is Privacy by Design?
  2. How do I carry out a Privacy Impact Assessment?
  3. What are the relevant laws pertaining to healthcare privacy in my country?

Assessing the Impact of Technology

As is common in technology, the rate of change is moving faster than society’s ability to address the social impacts of technological developments.  This is similarly true of healthcare privacy. In essence, technological innovation raises serious questions about privacy. Privacy breaches can hurt people. Virtual muggings in the forms of identity theft, cyberbullying, and other forms of cybercrime exist on the dark side of this virtual landscape. Privacy in health care is about managing information efficiently and effectively. It should complement technological innovation, not hinder it. 

In health care, privacy concerns exist "wherever personally identifiable information or other sensitive information is collected, stored, used, and finally destroyed or deleted."[2] This is especially pertinent to an ever-digitizing health care landscape, where the sheer amount of information necessitates virtual libraries of patients' records. Depending on the nature of the consumers and distributors involved, various healthcare legislation may apply, which underscores the importance of collective and accessible information through technology.

The protection of personal health information from exposure to inappropriate disclosure, access, or modification—whether accidental or intentional—is mandated under different laws depending on jurisdiction. Critical to health care technology organizations are their abilities to garner the trust of their users over the handling of the users’ information. This is why organizations must prioritize the needs of their users when considering what drives privacy policies in health care.

Country-Specific Legislation

Privacy laws in health care vary globally based on country-specific legislation. Find out more about the health care privacy legislation of the following countries here:

Healthcare Best Practices

Further information

This page is currently being updated with new information pertaining to healthcare privacy. Check back later for more helpful links. Visit the Privacy Horizon Library to learn more.