Manitoba · PHIA

Personal health information access for Manitoba trustees

AccessPoint runs Manitoba PHIA — an individual's right to examine and correct their own health record, plus breach notification and the surrounding privacy program — on the Act's tiered access clock, inside your own Microsoft 365 tenant.

Manitoba — PHIA at a glance

Access clock
Tiered under s. 6 — 24 hours (hospital in-patient's current care), 72 hours (current care outside hospital), 30 days otherwise
Correction requests
Decided within 30 days (s. 12), with a statement of disagreement if refused
Fees
A reasonable fee, capped by regulation; no fee for a correction request
Breach notification
Mandatory since January 1, 2022 (s. 19.0.1) on a real-risk-of-significant-harm test
Oversight
Manitoba Ombudsman; binding orders via the Information and Privacy Adjudicator
Languages
English

Built for Manitoba — PHIA

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

Patient access on the tiered clock

Handle an individual's right to examine and copy their own health record on PHIA's tiered timeline — 24 hours for a hospital in-patient's current care, 72 hours for current care outside hospital, and 30 days in any other case.

Correction requests

Track a request to correct a health record, decide it within 30 days, and where you decline, capture the individual's concise statement of disagreement on the record — all in one workspace.

Breach notification

Since January 2022, PHIA requires notice to the affected individual and the Ombudsman where a breach could reasonably create a real risk of significant harm. Log the breach, assess the risk, and track the notices.

Trustee privacy program

Run the wider privacy program a trustee is expected to maintain — access and disclosure tracking, privacy impact assessments, and a privacy risk register — beside your PHIA requests.

Ombudsman and Adjudicator

Track complaints and reviews from the Ombudsman through, where needed, a binding order of the Information and Privacy Adjudicator, with the statutory compliance and judicial-review windows.

In your own Manitoba tenant

Every record, assessment, and audit entry stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no per-user fees, and full control of your health data.

Since January 2022

Manitoba added mandatory breach notification and binding orders. AccessPoint runs both.

The 2021 amendments to PHIA, in force January 1, 2022, added a mandatory duty to notify the affected individual and the Ombudsman of a breach that could reasonably create a real risk of significant harm, and created a binding-order layer through the Information and Privacy Adjudicator. Meeting those duties takes more than a records system. AccessPoint runs PHIA access and correction, breach notification, and privacy risk on one platform, in your own tenant, so a Manitoba trustee can show its whole program in one auditable place.

Breach notification The real-risk-of-significant-harm test, with individual and Ombudsman notices.
Binding orders Track a matter through to an Adjudicator order and compliance.
One audit trail Every action on a hash-chained, defensible ledger.

Configured out of the box

Installing the ca-mb-phia configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • PHIA as the legal-authority and citation spine
  • The tiered 24h / 72h / 30-day access-clock rules
  • Correction-request handling with the statement-of-disagreement mechanism
  • Breach-notification rules on the real-risk-of-significant-harm test
  • Trustee categories and the reasonable-fee configuration
  • Ombudsman and Adjudicator review grounds and dispositions
  • Manitoba timeliness brackets and reporting templates
  • PHIA correspondence templates with statutory wording

Manitoba — PHIA Questions

What is the access deadline under Manitoba PHIA?

PHIA uses a tiered clock under section 6: 24 hours where the trustee is a hospital and the information is about care currently being provided to an in-patient; 72 hours where the information is about care the trustee is currently providing outside a hospital; and 30 days in any other case. AccessPoint calculates each tier automatically.

Does AccessPoint handle PHIA breach notification?

Yes. Since January 1, 2022, a trustee must notify the affected individual and the Manitoba Ombudsman of a breach that could reasonably create a real risk of significant harm (s. 19.0.1). AccessPoint logs the breach, runs the harm assessment, and tracks the notices to closure.

How does oversight work in Manitoba?

The Manitoba Ombudsman investigates complaints and makes recommendations. Where a trustee does not comply, only the Ombudsman may refer the matter to the Information and Privacy Adjudicator, who can make a binding order — after which the trustee must comply within the statutory window or seek judicial review. AccessPoint tracks the full path.

Where does Manitoba health data reside?

Entirely within your own Microsoft 365 and Azure tenant. Records, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run PHIA Access and Your Privacy Program in One Platform

Try AccessPoint free for 30 days, pre-configured for Manitoba PHIA. No credit card required.

Start Free Trial