
EMRs and privacy

Most EMR users are considered to be “custodians” under the PHIA legislation.

Under the Personal Health Information Act (PHIA), most electronic medical record (EMR) users are considered to be “custodians.” Custodian is the term PHIA uses to describe those who have custody and control of personal health information.

Custodian safeguards

Under PHIA regulations, custodians must implement additional safeguards for personal health information held in an electronic information system maintained by the custodian, as outlined below:

  1. Protection of network infrastructure, including physical and wireless networks, to ensure secure access
  2. Protection of hardware and its supporting operating systems to ensure that the system functions consistently and only those authorized to access the system have access
  3. Protection of the system’s software, including the way it authenticates a user’s identity before allowing access

In addition, the regulations state a “custodian must create and maintain written policies to support and enforce the implementation of the safeguards.”