The Albertan Information and Privacy Commissioner has formally asked the government to amend the province's Health Information Act with mandatory breach reporting and notification measures.
The letter, from Commissioner Jill Clayton, came just a month after she launched an investigation into a privacy breach at the province's Medicentres, in which a laptop containing the health information of 620,000 Canadians was stolen.
Nine jurisdictions in Canada have introduced health privacy legislation, six of which include mandatory breach reporting, she said. Currently, only Alberta's Personal Information Protection Act requires an organization to report a privacy breach.
"Including privacy breach notification and reporting requirements in all three of Alberta's access and privacy laws is an important component of protecting a button's privacy rights and will help to put Alberta at the forefront of privacy protection," she said.
Documents obtained by Canada's CBC News via an access to information request last month also showed that Alberta Health Services workers were systematically sending faxes containing client health information to the wrong people. At one point, a custom homebuilder was receiving faxes intended for a home care facility on a biweekly basis, it was revealed.