New Brunswick · PHIPAA

Health-record access and privacy for New Brunswick custodians

AccessPoint manages PHIPAA access and correction requests, breach notification, and privacy impact assessments — pre-configured for New Brunswick and running inside your own Microsoft 365 tenant.

New Brunswick — PHIPAA at a glance

Access deadline
30 business days for a custodian to respond to a request for one's own record, with a further period available in defined circumstances
Correction
Individuals may request correction of inaccurate or incomplete records, answered on the same 30-business-day timeline
Access fees
Examination is free; a fair and reasonable fee for search, preparation, copying, and delivery may apply under the regulations (copying capped at roughly $0.25 per page)
Breach notification
Custodians must notify affected individuals of loss, theft, or unauthorized disclosure unless there is no adverse impact
Oversight
Office of the Ombud (recommendations, not binding orders)
Languages
English and French (New Brunswick is officially bilingual)

Built for New Brunswick — PHIPAA

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

PHIPAA access and correction

Intake to disclosure on New Brunswick's 30-business-day clock — access to a patient's own record, correction requests, the PHIPAA disclosure rules, and defensible records, all built on Microsoft 365.

Breach notification

Log a privacy breach, assess whether it could adversely affect the individual, and get a live checklist of what must go to affected people and, where warranted, to the Office of the Ombud — and by when.

Consent and disclosure

Track the consents, directives, and disclosure rules that govern when a custodian may share personal health information, with an auditable record of every decision.

Privacy impact assessments

Run a PIA before a new collection, use, or information system goes live — a guided questionnaire, an embedded risk register, and an exportable, defensible record.

Complaints to the Ombud

Track complaints and reviews to the Office of the Ombud with an investigation workspace and a guided path from representations to a recommendation and closure.

In your own New Brunswick tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

The custodian's duties

PHIPAA gives patients a right to their record on a 30-business-day clock. AccessPoint runs it.

Under PHIPAA, a New Brunswick custodian must give an individual access to their own personal health information within 30 business days, correct records that are inaccurate or incomplete, notify people when their information is lost, stolen, or improperly disclosed, and safeguard everything in between. Most offices juggle these duties across email and spreadsheets. AccessPoint operates access, correction, breach notification, and privacy impact assessments on one platform, in your own tenant, so your health-privacy program lives in a single governed system.

30-business-day access The patient's-own-record clock, computed and tracked for every request.
Breach duties Notification to affected individuals and the Ombud, assessed and evidenced.
Assessments Privacy impact assessments on the same platform, with a full audit trail.

Configured out of the box

Installing the ca-nb-phipaa configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • PHIPAA as the legal-authority and citation spine, with RTIPPA shipped as a separate configuration
  • New Brunswick statutory-holiday calendar and 30-business-day due-date rules
  • Access, correction, and disclosure grounds mapped to PHIPAA sections
  • Regulated search, copying, and delivery fee categories for patient record requests
  • Breach assessment workflow and Office of the Ombud reporting checklists
  • Ombud complaint and review grounds and dispositions
  • Privacy impact assessment templates for new collections and systems
  • Bilingual (English/French) correspondence and notification templates

New Brunswick — PHIPAA Questions

How long does a New Brunswick custodian have to respond to an access request?

PHIPAA gives an individual the right to their own personal health information, and a custodian must respond within 30 business days of the request, with a further period available in defined circumstances. AccessPoint computes the due date on New Brunswick's business-day calendar, tracks every request against it, and flags anything at risk of running late.

Does AccessPoint handle correction requests and disclosure rules?

Yes. Individuals can ask a custodian to correct a record that is inaccurate or incomplete, and AccessPoint runs correction requests alongside the consent and disclosure decisions that govern when personal health information may be shared — each captured with an auditable record.

How does it support breach notification?

AccessPoint logs a privacy breach, walks you through assessing whether it could adversely affect the individual, and produces a live checklist of notifications to affected individuals and, where warranted, to the Office of the Ombud — the independent overseer of PHIPAA.

Where does New Brunswick health data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, records, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run PHIPAA Access, Breach, and Assessments in One Platform

Try AccessPoint free for 30 days, pre-configured for New Brunswick. No credit card required.

Start Free Trial