Office of the Saskatchewan Information and Privacy Commissioner. Guide to Faxing: Preventing Breaches with Safeguards and Responding to a Privacy Breach. 5 Feb. 2026.

The Health Information Protection Regulations, 2023 (HIPA Regulations) also define PHI to include genetic testing information, including that of the subject individual or of their family members. It also includes an individual’s family medical history.

The Importance of Safeguards for Faxing

Public bodies and trustees often use fax machines to transmit client or patient information because of the speed and convenience. Faxing documents that contain highly sensitive PI/PHI, such as Social Insurance Numbers, HSN, banking information, lab results or other medical information, to an unintended recipient can have significant consequences for the subject individual. Consequences can range from identity theft to the disruption of the individual’s continuity of care. This is why misdirected faxes need to be taken seriously, and reasonable safeguards need to be put in place to prevent them. Safeguards are also required by law as follows:

• Section 24.1 of FOIP and section 23.1 of LA FOIP state that public bodies have a duty to protect PI that is in their possession or under their control.⁴ They must establish policies and procedures to maintain administrative, technical and physical safeguards. Safeguards are intended to protect against threats or hazards to, loss of, unauthorized access to or use of, disclosure or modification of PI.

• Section 16 of HIPA requires trustees to have reasonable safeguards in place to protect PHI in their custody or control. Trustees must establish policies and procedures to maintain administrative, technical and physical safeguards. Safeguards are intended to protect against threats or hazards to, loss of, unauthorized access to or use of, disclosure or modification of PHI.
Safeguards include:

• Administrative safeguards are controls that focus on internal organization, policies, procedures, work standards and maintenance of security measures that protect PI/PHI. Administrative safeguards include written policies and procedures, annual training for employees, confidentiality agreements, agreements with IMSPs, auditing programs, records retention and destruction schedules and access restrictions.

• Technical safeguards are the technologies that protect personal health information and control access to it. Examples include user identifications, passwords, firewalls, identification and authentication controls, virus scanners and audit capabilities in digital information systems.

⁴ “Possession” means the physical possession of a record plus a measure of control. “Control” connotes authority, or the authority to manage a record including restricting, regulating and administering its use, disclosure or disposition. Possession and custody are interchangeable terms.