How Does HIPAA Differ from PIPEDA?

The Personal Information Protection and Electronic Document Act (PIPEDA) is Canada's federal law on patient privacy (Canada equivalent of HIPAA). It is comparable to the Health Insurance Portability and Accountability Act (HIPAA) in the United States, however, there are a few key differences to be aware of.

What is the biggest difference between HIPAA and PIPEDA?

In the United States, HIPAA is a federal law that governs the privacy and security of personal health information for certain sectors in the health industry. These sectors mainly include health insurers, healthcare providers and health exchange organizations.

PIPEDA is the Canadian equivalent of HIPAA. Or, you could say, HIPAA is the US equivalent of Canada's healthcare privacy laws called PIPEDA. So HIPAA doesn't apply in Canada because Canada has its own Personal Information Protection Act.

For Canadian health privacy laws, PIPEDA applies to all personal data, whether in the healthcare industry or elsewhere, regardless of the entity. As Servercloud Canada explains it, once an organization collects data, regardless of the province, industry or type, that organization becomes fully responsible for the protection of the collected data. It is important to note that each Canadian province has the discretion to have its own rules and regulations as long as the core values of PIPEDA remain intact.

Where does PIPEDA data go?

Much like HIPAA, data collected and protected by PIPEDA can be stored abroad. In the Canadian provinces of British Columbia and Nova Scotia, governmental restrictions make it mandatory for data to be stored in Canada only.

What health data is covered by PIPEDA vs HIPAA?

HIPAA protects any personally identifiable information that is created or received by:

• Healthcare provider
• Health plan authority
• Employer
• Life insurer
• School or University

The data collected and protected covers past, present, and future health conditions, treatments or payments.

In Canada, any data, including users, statistics, and volume, must be available to the covered entities. This data is important in accountability procedures of privacy violations. PIPEDA regulations also protect sensitive personally identifiable information such as age, name, ID numbers, income, ethnic origin, blood type, medical records, opinions, evaluations, comments, social statements, payment information and more.