Prince Edward Island · Health Information Act

Health-record access and privacy for Prince Edward Island custodians

AccessPoint manages Health Information Act access and correction requests, breach notification, and privacy impact assessments — pre-configured for Prince Edward Island and running inside your own Microsoft 365 tenant.

Prince Edward Island — HIA at a glance

Access deadline
30 days for a custodian to give an open, accurate, and complete response to a request for one's own record
Correction
Custodians must respond to a correction request within 30 days
Access fees
Custodians may charge reasonable, cost-based fees for copies
Breach notification
Custodians must notify affected individuals and the Information and Privacy Commissioner at the first reasonable opportunity, unless there is no adverse impact on health care or on the individual
Oversight
Information and Privacy Commissioner of Prince Edward Island (recommendations)
Languages
English

Built for Prince Edward Island — HIA

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

HIA access and correction

Intake to disclosure on Prince Edward Island's 30-day clock — access to a patient's own record, correction requests, the HIA rules, and defensible records, all on Microsoft 365.

Mandatory breach notification

Log a breach and get a live checklist of what must go to affected individuals and to the Information and Privacy Commissioner at the first reasonable opportunity — PEI is one of the provinces that requires breaches be reported to the Commissioner.

Consent and disclosure

Track the consents and disclosure rules that govern when a custodian may share personal health information, with an auditable record of every decision.

Privacy impact assessments

Run a PIA before a new collection, use, or connection to the provincial Electronic Health Record — a guided questionnaire, an embedded risk register, and an exportable record.

Reviews by the Commissioner

Track reviews to the Information and Privacy Commissioner with an investigation workspace and a guided path from representations to a recommendation and closure.

In your own Prince Edward Island tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

Mandatory breach reporting

PEI made breach reporting to the Commissioner mandatory. AccessPoint computes it.

When Prince Edward Island's Health Information Act came into force on July 1, 2017, it did something many provinces still do not: it requires custodians to report privacy breaches to the Information and Privacy Commissioner, not just to affected individuals, at the first reasonable opportunity — unless the breach will have no adverse impact on health care or on the individual. AccessPoint logs the breach, assesses adverse impact, and produces the notifications to individuals and the Commissioner, alongside access, correction, and privacy impact assessments — on one platform, in your own tenant.

Commissioner notice Mandatory breach reporting to the Information and Privacy Commissioner, computed for you.
30-day access The patient's-own-record clock, tracked for every request and correction.
Assessments Privacy impact assessments for new collections and EHR connections, on the same platform.

Configured out of the box

Installing the ca-pe-hia configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • The Health Information Act as the legal-authority and citation spine, with FOIPP shipped as a separate configuration
  • Prince Edward Island statutory-holiday calendar and 30-day due-date rules
  • Access, correction, and disclosure grounds mapped to the HIA
  • Mandatory breach-notification workflow for individuals and the Commissioner
  • Reasonable cost-based fee categories for patient record requests
  • Provincial Electronic Health Record disclosure and audit rules
  • Information and Privacy Commissioner review grounds and dispositions
  • Privacy impact assessment templates for new collections and systems

Prince Edward Island — HIA Questions

Is Prince Edward Island's Health Information Act in force?

Yes. The Health Information Act came into force on July 1, 2017, and governs how custodians — including health care facilities, health care providers, Island EMS, and Canadian Blood Services — collect, use, disclose, and give individuals access to personal health information. AccessPoint ships pre-configured for it.

Does PEI require breaches to be reported to the Commissioner?

Yes. Under the Health Information Act, custodians must notify affected individuals and the Information and Privacy Commissioner at the first reasonable opportunity, unless the breach will have no adverse impact on health care or on the individual. AccessPoint assesses adverse impact and computes both notifications.

How long does a custodian have to respond to an access request?

A custodian must respond to a request for an individual's own personal health information within 30 days, and the response must be open, accurate, and complete. Correction requests carry the same 30-day response. AccessPoint tracks both against the Prince Edward Island calendar.

Where does Prince Edward Island health data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, records, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run HIA Access, Breach, and Assessments in One Platform

Try AccessPoint free for 30 days, pre-configured for Prince Edward Island. No credit card required.

Start Free Trial