The laws are similar in that both were turn-of-the-century efforts by the Canadian and American governments to protect individuals’ data privacy. The similarities, though, more or less end there. A HIPAA vs. PIPEDA scorecard would note that the two laws are noticeably different regarding what information is regulated.
HIPAA vs. PIPEDA – What Information is Regulated?
A PIPEDA vs. HIPAA comparison of what each law regulates is revealing. PIPEDA governs the use, disclosure, and collection of what PIPEDA calls “personal information.” The term “personal information” is defined extremely broadly. PIPEDA personal information includes any factual or subjective information, recorded or not, about an identifiable individual (that is, a specific person).
This includes information in any form, such as:
- Age, name, ID numbers, income, ethnic origin, or blood type
- Opinions, evaluations, comments, social status, or disciplinary actions
- Employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs)
HIPAA vs. PIPEDA: Personal Information vs. Protected Health Information
On the HIPAA vs. PIPEDA scorecard, PIPEDA easily wins the “which law regulates more information” contest. Under PIPEDA, personal information includes health-related information, which HIPAA also regulates. PIPEDA personal information also includes non-health-related information.
A HIPAA vs. PIPEDA comparison of what factual information is regulated is notable. PIPEDA regulates a fair amount of factual information, such as social status, disciplinary actions, employee files, and credit card disputes, that HIPAA does not. A PIPEDA vs. HIPAA comparison of what non-factual information each law regulates reveals a wide imbalance.