Nova Scotia · PHIA

Health-record access and privacy for Nova Scotia custodians

AccessPoint manages PHIA access and correction requests, breach notification, and privacy impact assessments — pre-configured for Nova Scotia and running inside your own Microsoft 365 tenant.

Nova Scotia — PHIA at a glance

Access deadline
As soon as possible and no later than 30 days to respond to a request for one's own record
Correction
Custodians must respond to a correction request within 30 days; there is no fee to request a correction
Access fees
Custodians may charge reasonable, cost-based fees for copies
Breach notification
Notify the individual at the first reasonable opportunity where a breach could cause harm or embarrassment; report to the Review Officer in the circumstances PHIA sets out
Oversight
Information and Privacy Commissioner / Review Officer (recommendations, not binding orders)
Languages
English

Built for Nova Scotia — PHIA

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

PHIA access and correction

Intake to disclosure on Nova Scotia's 30-day clock — access to a patient's own record, correction requests with their own 30-day response, the PHIA rules, and defensible records, all on Microsoft 365.

Breach notification

Log a breach, assess whether it could cause the individual harm or embarrassment, and get a live checklist of what must go to the affected person and, in the circumstances PHIA sets out, to the Review Officer.

Consent and the lockbox

Track the consent directives that let an individual limit how their personal health information is used or shared, with an auditable record of every disclosure decision.

Privacy impact assessments

Run a PIA before a new collection, use, or information system goes live — a guided questionnaire, an embedded risk register, and an exportable, defensible record.

Reviews by the Review Officer

Track reviews to the Information and Privacy Commissioner with an investigation workspace and a guided path from representations to a recommendation, and on to the Supreme Court of Nova Scotia if needed.

In your own Nova Scotia tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

The recommendation model

Nova Scotia's Review Officer recommends — so your record has to stand on its own. AccessPoint builds it.

Nova Scotia's Information and Privacy Commissioner, acting as the Review Officer, reviews access, correction, and breach matters under PHIA and issues recommendations rather than binding orders — and if a matter is not resolved it can go to the Supreme Court of Nova Scotia. That makes a complete, defensible record decisive. AccessPoint runs access and correction on the 30-day clock, computes breach notifications, and captures every decision on a hash-chained audit trail, in your own tenant, so the file you can produce is the file that holds up.

30-day access The patient's-own-record clock, tracked for every request and correction.
Breach duties Notification to the individual and the Review Officer, assessed and evidenced.
Audit-ready evidence A hash-chained ledger behind every access, correction, and disclosure.

Configured out of the box

Installing the ca-ns-phia configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • PHIA as the legal-authority and citation spine, with FOIPOP shipped as a separate configuration
  • Nova Scotia statutory-holiday calendar and 30-day due-date rules
  • Access, correction, and disclosure grounds mapped to PHIA
  • Consent-directive (lockbox) tracking for uses and disclosures
  • Breach assessment workflow and Review Officer reporting checklists
  • Reasonable cost-based fee categories for patient record requests
  • Review Officer review grounds, recommendations, and dispositions
  • Privacy impact assessment templates for new collections and systems

Nova Scotia — PHIA Questions

How long does a Nova Scotia custodian have to respond to an access request?

Under PHIA, a custodian must respond as soon as possible and no later than 30 days after a request for access to the individual's own record; the deadline can be extended by 30 days, or longer with the Review Officer's permission. AccessPoint computes the due date on Nova Scotia's calendar and tracks every request against it.

Does the Review Officer make binding orders?

No. Nova Scotia's Information and Privacy Commissioner acts as the Review Officer and issues recommendations rather than binding orders, and unresolved matters may be appealed to the Supreme Court of Nova Scotia. AccessPoint's reviews module keeps the investigation record and representations complete so your position is defensible at every stage.

How does it support breach notification?

AccessPoint logs a breach, helps you assess whether it could cause the individual harm or embarrassment, and produces a live checklist of notification to the affected person and, in the circumstances PHIA sets out, to the Review Officer.

Where does Nova Scotia health data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, records, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run PHIA Access, Breach, and Assessments in One Platform

Try AccessPoint free for 30 days, pre-configured for Nova Scotia. No credit card required.

Start Free Trial