This form is to be used by a custodian that is notifying the Information and Privacy Commissioner (the “Commissioner”) of a privacy breach under section 60.1 of the Health Information Act (HIA).
A “privacy breach” or “breach” means the loss of individually identifying health information or any unauthorized access to or disclosure of individually identifying health information.
Notice to the Commissioner of a privacy breach must be in writing in a form approved by the Commissioner (this form) and must include the information listed in section 8.2(2) of the Health Information Regulation (the Regulation).
Before completing this form, please read the Guidelines for Notifying the Commissioner about a Privacy Breach under HIA
Please Note: Individuals (members of the public) should not use this form. Individuals who believe their health information has been lost or improperly collected, used, disclosed, or access by a custodian may file a complaint with the Office of the Information and Privacy Commissioner of Alberta (“OIPC”) using the Request for Review and Privacy Complaint Form available at www.oipc.ab.ca.
Organizations as defined in the Personal Information Protection Act (PIPA) notifying the Commissioner of a breach have different obligations and must use the appropriate form available at www.oipc.ab.ca.
Custodians must consider the factors in section 8.1 of the Regulation, in addition to any other relevant factors, when assessing risk of harm to individuals.
Notice given to individuals must be in writing (section 8.2(4) of the Regulation), and must be sent by prepaid mail, given by personal service, or electronically (section 103 of the Act).
If the custodian has decided to not give notice of a breach to an individual under 60.1(5) or is seeking authorization for substitutional service under 103(c), complete Appendix A or B.
Custodians are required to notify the Commissioner of a privacy breach under the Health Information Act as soon as practicable.
Email submissions are preferred. Please submit the completed HIA Privacy Breach Notification Form to breachreport@oipc.ab.ca.
If you are unable to submit the form by email, you can submit it to:
Office of the Information and Privacy Commissioner of Alberta
410, 9925 - 109 Street Edmonton, AB T5K 2J8 Fax: (780) 422-5682
For general information about responding to a privacy breach, please contact the OIPC by telephone at (780) 422-6860, toll free at 1-888-878-4044, or by email at generalinfo@oipc.ab.ca. Contacting the OIPC does not mean that a custodian has fulfilled its legal obligation to notify the Commissioner about a privacy breach. Notification to the Commissioner about a privacy breach must meet the requirements of section 8.2(2) of the Health Information Regulation. Information provided by the OIPC does not constitute legal advice and is not binding on the Commissioner.