
HIPAA/PIPEDA Regulations and Why You Need to Be Following Them

A Refresher on HIPAA and PIPEDA

No matter what country you operate out of, the regulations that govern personal information are a big deal. As healthcare providers, you are trusted and expected to store patient data securely, and the consequences are immense if you don’t. 

HIPAA (the Health Insurance Portability and Accountability Act) is the United States law whose Privacy Rule (the Standards for Privacy of Individually Identifiable Health Information) regulates how patients’ protected health information (PHI) may be used and disclosed. PIPEDA (the Personal Information Protection and Electronic Documents Act) is the Canadian federal law that governs how private-sector organizations collect, use, and disclose personal information in the course of commercial activity, including the consent a practice must obtain before using or disclosing a patient’s information.

This blog is only meant to serve as a guide and does not replace or supersede the legislation it discusses. Please refer to the original laws to ensure you understand the full scope of each and seek legal counsel if you have questions.

What’s Covered?

Keeping track of the guidelines and laws surrounding the collection of your patients’ information can get confusing and, at worst, overwhelming. We’ve put together a quick overview of the legislation in Canada and the United States so you can make sure that all your marketing endeavours are within the law.

PIPEDA (Canada)

PIPEDA applies to private-sector organizations across Canada that collect, use, or disclose personal information in the course of a commercial activity. For federally regulated businesses (such as banks, airlines, and telecommunications companies), it also covers their employees’ information.

Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:

  • age, name, ID numbers, income, ethnic origin, or blood type;
  • opinions, evaluations, comments, social status, or disciplinary actions; and
  • employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).

Businesses’ responsibilities under PIPEDA are set out in its 10 fair information principles. They are:

  1. Accountability
  2. Identifying Purposes
  3. Consent
  4. Limiting Collection
  5. Limiting Use, Disclosure, and Retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual Access
  10. Challenging Compliance

HIPAA (United States of America)

HIPAA is the Health Insurance Portability and Accountability Act, passed in 1996. Its Privacy Rule sets the standards for protecting individually identifiable health information, which includes:

  • The patient’s name, address, date of birth, or Social Security number
  • The patient’s past, present, or future mental or physical health condition
  • Any services or care you have provided to the patient in the past or are currently providing
  • Any other information that one might reasonably believe could be used to identify the patient

Be Aware 

Under HIPAA, using a patient’s protected health information for marketing requires the patient’s written authorization, with only narrow exceptions. Under PIPEDA, health information is considered sensitive, so express consent is expected before a patient is included in a marketing campaign. In either country, do not rely on implied consent: get it clearly, in writing, and keep a record of it.

One More Caution

PIPEDA applies to private-sector organizations that handle personal information in the course of commercial activity, which includes eye care practices, but it is not the only law you need to follow. Some provinces (Alberta, British Columbia, and Quebec) have private-sector privacy laws that apply in place of PIPEDA within the province, and many provinces have health-specific privacy legislation that covers patient records. In the United States, many states add their own privacy and breach-notification requirements on top of HIPAA. Keeping up to date with your location’s legislation is pivotal in your efforts to keep your patients’ information safe while keeping them informed. As always, if you want guidance on your marketing efforts, or just want to speak to the experts, contact us here.

Written by Trudi Charest
