Guide to FOIP-Chapter 6

Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 118 • Consent.358 SECTION 24.2: INFORMATION MANAGEMENT SERVICE PROVIDER Information management service provider 24.2(1) A government institution may provide personal information to an information management service provider for the purposes of: (a) having the information management service provider process, store, archive or destroy the personal information for the government institution; (b) enabling the information management service provider to provide the government institution with information management or information technology services; (c) having the information management service provider take possession or control of the personal information; (d) combining records containing personal information; or (e) providing consulting services. (2) Before disclosing personal information to an information management service provider, a government institution shall enter into a written agreement with the information management service provider that: (a) governs the access to and use, disclosure, storage, archiving, modification and destruction of the personal information; (b) provides for the protection of the personal information; and (c) meets the requirements of this Act and the regulations. (3) An information management service provider shall not obtain access to, use, disclose, process, store, archive, modify or destroy personal information received from a government institution except for the purposes set out in subsection (1). (4) An information management service provider shall comply with the terms and conditions of the agreement entered into pursuant to subsection (2). Section 24.2 of FOIP provides authority to a government institution to disclose personal information to an information management service provider for specific purposes outlined in 358 Adapted from SK OIPC Investigation Report H-2011-001 at [135]. Originates from Canada’s Health Informatics Association, Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records – 2010 Guidelines for the Protection of Health Information Special Edition at p. 8.

RkJQdWJsaXNoZXIy MTgwMjYzOA==