Customers should understand that as part of PIPA compliance, information stored and user consent is not given to the hosting provider, but to the healthcare provider that obtains and maintains the personal health information. With the Information and Privacy Commissioner for British Columbia, it is note a requirement that all servers are in Canada. However all Hosting.ca servers and infrastructures are located in Canada. Hosting.ca guarantees the following:
- A notification of any privacy breach will be sent out to the owner immediately
- Plain language description of our services is provided
- Right to insist that incorrect or incomplete personal data be corrected
- Hosting.ca proactively protects personal information
- Hosting.ca fulfills the requirements indicated by the Information and Privacy Commissioner of British Columbia (https://www.oipc.bc.ca/about/legislation/)
The PIPA defines personal information as anything that can identify an individual. This includes names, addresses, phone numbers, social insurance numbers, date of birth, financial details. It also includes any personally identifiable information like physical descriptions, educational or employment data, or health information like blood type. The PIPA does not have a separate definition for highly sensitive or especially personal data like the GDPR.
The PIPA allows this personal information to be collected, used, or disclosed for what is deemed ‘reasonable purposes.’ Reasonable is defined as what a reasonable person would think is appropriate in any given situation. Defining and determining what is considered reasonable will depend on a variety of factors including: the kind of data collected, the amount of data collected, how the information is to be used, and where or to whom the data is to be disclosed.