Manitoba · PHIA
Personal health information access for Manitoba trustees
AccessPoint runs Manitoba PHIA — an individual's right to examine and correct their own health record, plus breach notification and the surrounding privacy program — on the Act's tiered access clock, inside your own Microsoft 365 tenant.
Manitoba — PHIA at a glance
- Access clock
- Tiered under s. 6 — 24 hours (hospital in-patient's current care), 72 hours (current care outside hospital), 30 days otherwise
- Correction requests
- Decided within 30 days (s. 12), with a statement of disagreement if refused
- Fees
- A reasonable fee, capped by regulation; no fee for a correction request
- Breach notification
- Mandatory since January 1, 2022 (s. 19.0.1) on a real-risk-of-significant-harm test
- Oversight
- Manitoba Ombudsman; binding orders via the Information and Privacy Adjudicator
- Languages
- English
Built for Manitoba — PHIA
One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.
Patient access on the tiered clock
Handle an individual's right to examine and copy their own health record on PHIA's tiered timeline — 24 hours for a hospital in-patient's current care, 72 hours for current care outside hospital, and 30 days in any other case.
Correction requests
Track a request to correct a health record, decide it within 30 days, and where you decline, capture the individual's concise statement of disagreement on the record — all in one workspace.
Breach notification
Since January 2022, PHIA requires notice to the affected individual and the Ombudsman where a breach could reasonably create a real risk of significant harm. Log the breach, assess the risk, and track the notices.
Trustee privacy program
Run the wider privacy program a trustee is expected to maintain — access and disclosure tracking, privacy impact assessments, and a privacy risk register — beside your PHIA requests.
Ombudsman and Adjudicator
Track complaints and reviews from the Ombudsman through, where needed, a binding order of the Information and Privacy Adjudicator, with the statutory compliance and judicial-review windows.
In your own Manitoba tenant
Every record, assessment, and audit entry stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no per-user fees, and full control of your health data.
Since January 2022
Manitoba added mandatory breach notification and binding orders. AccessPoint runs both.
The 2021 amendments to PHIA, in force January 1, 2022, added a mandatory duty to notify the affected individual and the Ombudsman of a breach that could reasonably create a real risk of significant harm, and created a binding-order layer through the Information and Privacy Adjudicator. Meeting those duties takes more than a records system. AccessPoint runs PHIA access and correction, breach notification, and privacy risk on one platform, in your own tenant, so a Manitoba trustee can show its whole program in one auditable place.
Configured out of the box
Installing the ca-mb-phia configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.
Related guide: FOI Workflow Quick Check- PHIA as the legal-authority and citation spine
- The tiered 24h / 72h / 30-day access-clock rules
- Correction-request handling with the statement-of-disagreement mechanism
- Breach-notification rules on the real-risk-of-significant-harm test
- Trustee categories and the reasonable-fee configuration
- Ombudsman and Adjudicator review grounds and dispositions
- Manitoba timeliness brackets and reporting templates
- PHIA correspondence templates with statutory wording
Manitoba — PHIA Questions
What is the access deadline under Manitoba PHIA?
Does AccessPoint handle PHIA breach notification?
How does oversight work in Manitoba?
Where does Manitoba health data reside?
Run PHIA Access and Your Privacy Program in One Platform
Try AccessPoint free for 30 days, pre-configured for Manitoba PHIA. No credit card required.
Start Free Trial