On July 1, 2024, Quebec’s new Act respecting health and social services information went into effect, establishing a comprehensive privacy framework for health and social services (HSS) data. The Act modernizes privacy obligations for HSS providers, aligning them with the standards set for private sector enterprises under Quebec’s Private Sector Act. It also introduces specific rules for organizations contracting with HSS entities, such as medical SaaS providers.
The Act aims to improve health service quality by streamlining the management of HSS information and ensuring its protection. It repeals the previous legislation on health information sharing and mandates a new provincial information filing system for centralizing records. This legal overhaul impacts a wide range of public and private sector entities involved in handling HSS data.
Key obligations include implementing strong safeguards, ensuring data accuracy, obtaining clear consent from individuals, and maintaining comprehensive privacy governance policies. Organizations must also conduct privacy impact assessments, keep detailed logs, and ensure transparency in automated decisions involving HSS information.
Service providers working with HSS entities must adhere to stringent data protection terms, including confidentiality agreements and compliance with data governance rules. The Commission d’accès à l’information du Québec (CAI) oversees enforcement, with fines ranging from C$1,000 to C$150,000 for violations, aiming to ensure compliance across all affected organizations.