Records Confidentiality

The MTG Healthcare Academy – Office of the Registrar maintains the confidentiality of student’s records. This comprises not only the student’s academic performance profile but also the anecdotal records inclusive of student counselling and academic advising. All records related to students while in the program are maintained with confidentiality. Student conduct records are maintained for a minimum of seven (7) years from the academic year in which the case was resolved and all other student records are kept in hard copies for a maximum of ten (10) years from the time of graduation after which destroyed but copies are maintained in hard drive for future need. 

The access to student records and the release of student information from the Office of the Registrar of MTG Healthcare Academy is governed by the policies and practices stipulated in the Personal Information and Protection Act [PIPA]. 

  1. Student records are kept on file electronically and be accessed to.
  2. Student contract information is kept electronically and securely and will be used in any emergency to communicate will all the students. 

CONFIDENTIALITY OF PERSONAL INFORMATION 

MTG Healthcare Academy prohibits the release of academic records without the written consent of the student.  The release of personal information and academic records of students and alumni is governed by the provisions stipulated in the Province of Alberta Personal Information Protection Act, Statutes of Alberta, 2003 Chapter P-6.5.

Part 2 Protection of Personal Information of the Province of Alberta Personal Information Protection Act, Division 1 Compliance and Policies

Compliance with Act   

5(1) An organization is responsible for personal information that is in its custody or under its control.

(2)  For the purposes of this Act, where an organization engages the services of a person, whether as    an agent, by contract or otherwise, the organization is, with respect to those services, responsible for that person’s compliance with this Act.

(3)  An organization must designate one or more individuals to be responsible for ensuring that the organization complies with this Act.

Part 2 Protection of Personal Information of the Province of Alberta Personal Information Protection Act, Division 2 Consent

Consent required 

7(1) Except where this Act provides otherwise, an organization shall not, with respect to personal     information about an individual,

  1. collect that information unless the individual consents to the collection of that information,
  2. collect that information from a source other than the individual unless the individual consents to the collection of that information from the other source,
  3. use that information unless the individual consents to the use of that information, or
  4. disclose that information unless the individual consents to the disclosure of that information.

(2)  An organization shall not, as a condition of supplying a product or service, require an individual to consent to the collection, use or disclosure of personal information about an individual beyond what is necessary to provide the product or service.

(3)  An individual may give a consent subject to any reasonable terms, conditions or qualifications established, set, approved by or otherwise acceptable to the individual.

Form of consent

8(1) An individual may give his or her consent in writing or orally to the collection, use or disclosure of personal information about the individual.

(2)  An individual is deemed to consent to the collection, use or disclosure of personal information about the individual by an organization for a particular purpose if 

  1. the individual, without actually giving a consent referred to in subsection (1), voluntarily provides the information to the organization for that purpose, and
  2. it is reasonable that a person would voluntarily provide that information. 

(2.1) If an individual consent to the disclosure of personal information about the individual by one organization to another organization for a particular purpose, the individual is deemed to consent to the collection, use or disclosure of the personal information for the particular purpose by that other organization.

(2.2) An individual is deemed to consent to the collection, use or disclosure of personal information about the individual by an organization for the purpose of the individual’s enrolment in or coverage under an insurance policy, pension plan or benefit plan or a policy, plan or contract that provides for a similar type of coverage or benefit if the individual 

  1. has an interest in or derives a benefit from that policy, plan, or contract, and
  2. is not the applicant for the policy, plan, or contract.

(3)  Notwithstanding section 7(1), an organization may collect, use or disclose personal information about an individual for particular purpose if

  1. the organization
  1. provides the individual with a notice, in a form that the individual can reasonably be expected to understand, that the organization intends to collect, use, or disclose personal information about the individual for those purposes, and 
  2. with respect to that notice, gives the individual a reasonable opportunity to decline or object to having his or her personal information collected, used, or disclosed for those purposes,
  1. the individual does not, within a reasonable time, give to the organization a response to that notice declining or objecting to the proposed collection, use or disclosure, and
  2. having regard to the level of the sensitivity, if any, of the information in the circumstances, it is reasonable to collect, use or disclose the information as permitted under clauses (a) and (b).

(4)  Subsections (2), (2.1), (2.2) and (3) are not to be construed, so as to authorize an organization to collect, user disclose personal information for any purpose other than the particular purposes for which the information was collected.

(5)  Consent in writing may be given or otherwise transmitted by electronic means to an organization if the organization receiving that transmittal produces or is able at any time to produce a printed copy or image or a reproduction of the consent in paper form.

                                                                                                         2003 cP-6.5 s8;2009 c50 s5

Part 2 Protection of Personal Information of the Province of Alberta Personal Information Protection Act, Division 4 Use of Personal Information 

Limitation on use 

16(1) An organization may use personal information only for purposes that are reasonable.

(2) Where an organization uses personal information, it may do so only to the extent that is reasonable for meeting the purposes for which the information is used.

Use without consent

17 An organization may use personal information about an individual without the consent of the individual but only if one or more of the following are applicable:

  1. a reasonable person would consider that the use of the information is clearly in the interests of the individual and consent of the individual cannot be obtained in a timely way, or the individual would not reasonably be expected to withhold consent;
  2. the use of the information is authorized or required by 
  1. a statute of Alberta or of Canada,
  2. a regulation of Alberta or a regulation of Canada,
  3. a bylaw of a local government body, or
  4. a legislative instrument of a professional regulatory organization;

(b.1) the use of the information is for the purpose for which the information was collected pursuant to a form that is approved or otherwise provided for under a statute of Alberta or a regulation of Alberta;  

  1.  the information was collected by the organization from a public body and that public body is authorized or required by an enactment of Alberta or Canada to disclose the information to the organization;

(c.1) the use of the information is necessary to comply with a collective agreement that is binding on the organization under section 128 of the Labour Relations Code;

(c.2) the use of the information is necessary to comply with an audit or inspection of or by the organization where the audit or inspection is authorized or required by

  1. a statute of Alberta or of Canada, or
  2. a regulation of Alberta or a regulation of Canada;

(c.3) the use of the information is for the purposed of an audit of or by the organization, other than the audit referred to in clause (c.2), and it is not practicable to use non-identifying information for the purposes of the audit;  

  1. the use of the information is reasonable for the purposes of an investigation or a legal proceeding;
  2. the information is publicly available as prescribed or otherwise determined by the regulations;
  3. the use of the information is necessary to determine the individual’s suitability to receive an honour, award or similar benefit, including an honorary degree, scholarship or bursary;
  4. a credit reporting organization was permitted to collect the information under section 14(g) and the information is not used by the credit reporting organization for any purpose other than to create a credit report;
  5. the information may be disclosed by an organization without the consent of the individual under section 20;
  6. the use of the information is necessary to respond to an emergency that threatens the life, health or security of an individual or the public;
  7. the use of the information is necessary in order to collect a debt owed to the organization or for the organization to repay to the individual money owed by the organization;
  8. the organization using the information is an archival institution and the use of the information is reasonable for archival purposes or research;
  9. the use of the information meets the requirements respecting archival purposes or research set out in the regulations and it is not reasonable to obtain the consent of the individual whom the information is about;
  10. the use of the information is in accordance with section 17.1, 18 or 22.

                                                        2003 cP-6.5 s17;2009 c50 s10;2014 c14 s5

Part 2 Protection of Personal Information of the Province of Alberta Personal Information Protection Act, Division 5 Disclosure of Personal Information

Limitations on disclosure

19(1) An organization may disclose personal information only for purposes that are reasonable.

(2) Where an organization discloses personal information, it may do so only to the extent that is reasonable for meeting the purposes for which the information is disclosed.

Disclosure without consent

20 An organization may disclose personal information about an individual without the consent of the individual but only if one or more of the following are applicable:

  1. a reasonable person would consider that the disclosure of the information is clearly in the interests of the individual and consent of the individual cannot be obtained in a timely way, or the individual would not reasonably be expected to withhold consent;
  2. the disclosure of the information is authorized or required by
  1. a statute of Alberta or of Canada,
  2. a regulation of Alberta or a regulation of Canada,
  3. a bylaw of a local government body, or
  4. a legislative instrument of a professional regulatory organization;

(b.1) the disclosure of the information is for a purpose for which the information was collected pursuant to a form that is approved or otherwise provided for under a statute of Alberta or a regulation of Alberta;

  1. the disclosure of the information is to a public body and that public body is authorized or required by an enactment of Alberta or Canada to collect the information from the organization;

(c.1) the disclosure of the information is necessary to comply with a collective agreement that is binding on the organization under section 128 of the Labour Relations Code;

(c.2) the disclosure of the information is necessary to comply with an audit or inspection of or by the organization where the audit or inspection is authorized or required by 

  1. a statute of Alberta or of Canada, or
  2. a regulation of Alberta or a regulation of Canada;

      (c.3) the disclosure of the information is 

  1. to an organization conducting an audit, other than an audit referred to in clause (c.2), by the organization being audited, or
  2. by an organization conducting an audit, other than an audit referred to in clause (c.2), to the organization being audited for a purpose relating to the audit and it is not practicable to disclose non-identifying information for the purposes of the audit;
  3. the disclosure of the information is in accordance with a provision of a treaty that
  1. authorizes or requires its disclosure, and
  2. is made under an enactment of Alberta or Canada;
  1. the disclosure of the information is for the purpose of complying with a subpoena, warrant or order issued or made by a court, person or body having jurisdiction to compel the production of information or with a rule of court that relates to the production of information.
  2. the disclosure of the information is to a public body or a law enforcement agency in Canada to assist in an investigation
  1. undertaken with a view to a law enforcement proceeding, or
  2. from which a law enforcement proceeding is likely to result;
  1. the disclosure of the information necessary to respond to an emergency that threatens the life, health or security of an individual or the public;
  2. the disclosure of the information is for the purposes of contacting the next of kin or a friend of an injured, ill or deceased individual;
  3. the disclosure of the information is necessary in order to collect a debt owed to the organization or for the organization to repay to the individual money owed by the organization;
  4. the information is publicly available as prescribed or otherwise determined by the regulations;
  5. the disclosure of the information is to the surviving spouse or adult interdependent partner or to a relative of a deceased individual if, in the opinion of the organization, the disclosure is reasonable;
  6. the disclosure of the information is necessary to determine the individual’s suitability to receive an honour, award or similar benefit, including an honorary degree, scholarship or bursary;
  7. the disclosure of the information is reasonable for the purposes of an investigation or a legal proceeding;
  8. the disclosure of the information is for the purposes of protecting against, or for the prevention, detection, or suppression of, fraud, and the information is disclosed to or by
  9. an organization that is permitted or otherwise empowered or recognized to carry out any of those purposed under 
  1. a statute of Alberta or of Canada or of another province of Canada,
  2. a regulation of Alberta, a regulation of Canada or similar subordinate legislation of another province of Canada that, if enacted in Alberta, would constitute a regulation of Alberta, or
  3. an order made by a Minister under a statute or regulation referred to in paragraph (A) or (B), 
  1. Investigative Services, a division of the Insurance Bureau of Canada, or
  2. the Canadian Bankers Association, Bank Crime Prevention and Investigation Office;
  1. the organization is a credit reporting organization and is permitted to disclose the information under Part 5 of the Consumer Protection Act;
  2. the organization disclosing the information is an archival institution and the disclosure of the information is reasonable for archival purposes or research;
  3. the disclosure of the information meets the requirements respecting archival purposes or research set out in the regulations and it is not reasonable to obtain the consent of the individual whom the information is about;
  4. the disclosure is in accordance with section 20.1, 21 or 22.

                                             2003 cP-6.5 s20;2009 c50 s12;2014 c14 s7;2017 c18 s1(24)

Part 3 Access to and Correction and Care of Personal Information of the Province of Alberta Personal Information Protection Act, Division 1 Access and Correction

Access to records and provision of information

24(1) An individual may, in accordance with section 26, request an organization

  1. to provide the individual with access to personal information about the individual, or
  2. to provide the individual with information about the use or disclosure of personal information about the individual. 
  1. Subject to subsections (2) to (4), on the request of an applicant made under subsection (1)(a) and taking into consideration what is reasonable, an organization must provide the applicant with access to the applicant’s personal information where that information is contained in a record that is in the custody or under the control of the organization.
  2. On the request of an applicant made under subsection (1)(b), and taking into consideration what is reasonable, an organization must, if the organization has in its custody or under its control a record containing personal information about the applicant described in the request, provide the applicant with
  1. information about the purposes for which the personal information has been and is being used by the organization, and
  2. the names of the persons to whom and circumstances in which the personal information has been and is being disclosed.

(2)  An organization may refuse to provide access to personal information under subsection (1) if

  1. the information is protected by any legal privilege;
  2. the disclosure of the information would reveal confidential information that is of a commercial nature, and it is not unreasonable to withhold that information;
  3. the information was collected for an investigation or legal proceeding;
  4. the disclosure of the information might result in that type of information no longer being provided to the organization when it is reasonable that the type of information would be provided;
  5. the information was collected by a mediator or arbitrator or was created in the conduct of a mediation or arbitration for which the mediator or arbitrator was appointed to act 
  1. under an agreement,
  2. under a statute of Alberta or of Canada or of another province of Canada,
  3. under a regulation of Alberta, a regulation of Canada or similar subordinate legislation of another province of Canada that, if enacted in Alberta, would constitute a regulation of Alberta,
  4. under a legislative instrument of a professional regulatory organization, or
  5. by a court; 
  6. the information relates to or may be used in the exercise of prosecutorial discretion.

(3)  An organization shall not provide access to personal information under subsection (1) if 

  1. the disclosure of the information could reasonably be expected to threaten the life or security of another individual;
  2. the information would reveal personal information about another individual;
  3. the information would reveal the identity of an individual who has in confidence provided an opinion about another individual and the individual providing the opinion does not consent to disclosure of his or her identity.

(4)  If an organization is reasonably able to serve the information referred to in subsection (2)(b) or (3)(a), (b) or (c)  from a copy of the record that contains personal information about the applicant, the organization must provide the applicant with access to the part of the record containing the personal information after the information referred to in subsection (2)(b) or (3)(a), (b) or (c) has been severed.                                                                                                                                       2003 cP-6.5 s24;2009 c50 s15

Right to request correction

25(1) An individual may, in accordance with section 26, request an organization to correct an error or omission in the personal information about the individual that is under the control of the organization.

(2)  If there is an error or omission in personal information in respect of which a request for a correction is received by an organization under subsection (1), the organization must, subject to subsection (3),

  1. correct the information as soon as reasonably possible, and
  2. where the organization has disclosed the incorrect information to other organizations, send a notification containing the corrected information to each organization to which the incorrect information has been disclosed, if it is reasonable to do so. 

(3)  If an organization makes a determination not to make the correction under subsection (2)(a), the organization must annotate the personal information under its control with the correction that was requested but not made.

(4)  On receiving a notification under subsection (2)(b) containing corrected personal information, an organization must correct the personal information, an organization must correct the personal information in its custody or under its control.

(5)   Notwithstanding anything in this section, an organization shall not correct or otherwise alter an opinion, including a professional or expert opinion.

                                                                                                    2003 cP-6.5 s25;2009 c50 s16

How to make a request

26(1) A request under section 24(1) or 25(1) must

  1. be in writing, and
  2. include sufficient detail to enable the organization, with a reasonable effort, to identify any record in the custody or under the control of the organization containing the personal information in respect of which the request is made.’

(2)  An applicant who is requesting access to personal information under section 24(1)(a) may ask for a copy of the record containing the personal information or to examine the record.

                                                                                                                                     2003 cP-6.5 s26;2009 c50 s17 

Duty to assist

27(1) An organization must

  1. make every reasonable effort
  1. to assist applicants, and
  2. to respond to each applicant as accurately and completely as reasonably possible, and 
  3. at the request of an applicant making a request under section 24(1)(a) provide, if it is reasonable to do so, an explanation of any term, code or abbreviation used in any record provided to the applicant or that is referred to.

(2)  An organization must, with respect to an applicant making a request under section 24(1)(a), create a record for the applicant if 

  1. the record can be created from a record that is in electronic form and 
  2. the record can be created from a record that is in electronic form and that is under the control of the organizations, using its normal computer hardware and software and technical expertise, and
  3. creating the record would not unreasonably interfere with the operations of the organization.

                                                                                                    2003 cP-6.5 s27;2009 c50 s18

Time limit for responding

28(1) Subject to this section, an organization must respond to an applicant not later than 

  1. 45 days from the day that the organization receives the applicant’s written request referred to in section 26, or
  2. the end of an extended time period if the time period is extended under section 31.

(2)  An organization is not required to comply with subsection (1)(a) if the time period is extended under section 31.

(2.1) The failure of an organization to respond to a request in accordance with subsection (1) is to be treated as a decision to refuse the request.

(3)  If an organization asks the Commissioner under section 37 for authorization to disregard a request, the 45-day period referred to in subsection (1) does not include the period from the start of the day in which the request is made under section 37 to the end of the day in which a decision is made by the Commissioner with respect to giving the authorization.

(4)  If an applicant asks the Commissioner under section 46 to review a fee estimate, the 45-day period referred to in subsection (1) does not include the period from the start of the day in which the applicant asks for the review to the end of the day in which the decision is made by the Commissioner with respect to the review.

                                                                                                  2003 cP-6.5 s28;2009 c50 s19  

Contents of response

29(1) In a response to a request made under section 24(1)(a), the organization must inform the applicant 

  1. as to whether or not the applicant is entitled to or will be given access to all or part of his or her personal information, 
  2. if the applicant is entitled to or will be given access, when access will be given, and
  3. if access to all or part of the applicant’s personal information is refused,
  1. of the reasons for the refusal and the provision of this Act on which the refusal is based,
  2. of the name of the person who can answer on behalf of the organization the applicant’s questions about the refusal, and 
  3. that the applicant may ask for a review under section 46.

(2)  In response to a request made under section 24(1)(b), the organization must 

  1. provide the applicant with
  1. information about the purposes for which the personal information has been and is being used by the organization, and 
  2. the names of the persons to whom and circumstances in which the personal information has been and is being disclosed, or 
  3. if the organization refuses to provide the information referred to in clause (a), inform the applicant
  1. of the name of the person who can answer on behalf of the organization the applicant’s questions about the refusal, and 
  2. that the applicant may ask for a review under section 46.

(3)  In response to a request made under section 25(1), the organization must inform 

                    the applicant

  1. of the action taken under section 25,
  2. of the name of the person who can answer on behalf of the organization the applicant’s questions about the request for correction, and
  3. that the applicant may ask for a review under section 46.

                                                                                                    2003 cP-6.5 s29;2009 c50 s20

How access will be given

30 Where an applicant is informed under section 29(1) that access to the applicant’s personal information will be given, the organization must, 

  1. if the applicant has asked for a copy of the applicant’s personal information and the information can reasonably be reproduced,
  1. provide with the response a copy of the record or the part of the record containing the information, or 
  2. give the applicant reasons for the delay in providing the information or record, or
  3. if the applicant has asked to examine the record containing the applicant’s personal information or if the record cannot reasonably be reproduced,
  1. permit the applicant to examine the record or part of the record, or
  2. give the applicant access in accordance with the regulations.

                                                                                                    2003 cP-6.5 s30;2009 c50 s21

Extending the time limit for responding

31(1) An organization may, with respect to a request made under section 24(1)(a) or (b), extend the time period for responding to the request by up to an additional 30 days or, with the Commissioner’s permission, to a longer period, if

  1. the applicant does not give sufficient detail to enable the organization to identify the record containing the personal information,
  2. a large amount of personal information is requested or must be searched,
  3. meeting the time limit would unreasonably interfere with the operations of the organization, or
  4. more time is needed to consult with another organization, a public body or a government or an agency of a government of a jurisdiction in Canada before the organization is able to determine whether or not to give the applicant access to the requested personal information or to provide information about the use or disclosure of the personal information.

(2) If the time period is extended under subsection (1), the organization must inform the applicant of the following:

  1. the reason for the extension;
  2. the time when a response from the organization can be expected;
  3. that the applicant may ask for a review under section 46.

                                                                                                  2003 cP-6.5 s31;2009 c50 s22  

Fees

32(1) Subject to subsection (1.1), an organization may charge an applicant who makes a request under section 24(1)(a) or (b) a reasonable fee for access to the applicant’s personal information or for information about the use or disclosure of the applicant’s personal information.

  1. An organization may not charge a fee in respect of a request for personal employee information.

 (2)  An organization may not charge a fee in respect of a request made under section 25(1).

(3)  If an organization is intending to charge an applicant a fee for a service, the 

            organization 

  1. must give the applicant a written estimate of the total fee before providing the service, and
  2. may require the applicant to pay a deposit in the amount determined by the organization.

                                                                                       2003 cP-6.5 s32;2009 c50 s23  

Part 3 Access to and Correction and Care of Personal Information of the Province of Alberta Personal Information Protection Act, Division 2 Care of Personal Information

Accuracy of Information

33 An organization must make a reasonable effort to ensure that any personal information collected, used or disclosed by or on behalf of an organization is accurate and complete to the extent that is reasonable for the organization’s purposes in collecting, using or disclosing the information.

                                                                                    2003 cP-6.5 s33;2009 c50 s24

Protection of information  

34   An organization must protect personal information that is in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction.

Notification of loss or unauthorized access or disclosure

34.1(1) An organization having personal information under its control must, without unreasonable delay, provide notice to the Commissioner of any incident involving the loss of or unauthorized access to or disclosure of the personal information where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure.

(2)  A notice to the Commissioner under subsection (1) must include the information prescribed by the regulations.

.site-footer > .site-info { display: none; }