Skip to main content
All of CanadaUpdated April 2026

Health Privacy Issues

What your health information includes, how the circle of care works, and what to do if your health records have been accessed or disclosed improperly.

TL;DR

Health information is among the most sensitive personal information and is protected by specialized provincial laws. The circle of care allows information to flow for treatment without express consent, but any use beyond direct care usually requires consent.

What counts as health information

Most health privacy laws define health information broadly to include:

  • Physical and mental health history and diagnoses.
  • Information about services provided to you.
  • Payments for services and insurance.
  • Substitute decision-maker information.
  • Body substance specimens and genetic information.

Unauthorized access (snooping)

Snooping by health-care employees into records of family, friends, or celebrities is a serious violation. Custodians must investigate and report snooping to the commissioner in many provinces.

In Ontario, wilful snooping under PHIPA can lead to significant fines against the individual employee.

Disclosure to family

Custodians cannot generally disclose to family members unless:

  • You have consented.
  • You are incapable and the family member is your substitute decision-maker.
  • A specific statutory exception applies (e.g., next of kin for deceased patients).

Related topics

Ask AI