HIPAA vs. PIPEDA – A Comparison


The Personal Information Protection and Electronic Documents Act (PIPEDA) is a 2000 Canadian law that regulates the use, disclosure, and collection of consumer personal information by entities engaged in commerce. The Health Insurance Portability and Accountability Act (HIPAA) is a United States law regulating the use, access, and disclosure of what the law defines as “protected health information,” or PHI.

The laws are similar in that both were turn-of-the-century efforts by the Canadian and American governments to protect individuals’ data privacy. The similarities, though, more or less end there. A HIPAA vs. PIPEDA scorecard would note that the two laws are noticeably different regarding what information is regulated.

HIPAA vs. PIPEDA – What Information is Regulated?

A PIPEDA vs. HIPAA comparison of what each law regulates is revealing. PIPEDA governs the use, disclosure, and collection of what PIPEDA calls “personal information.” The term “personal information” is defined extremely broadly. PIPEDA personal information includes any factual or subjective information, recorded or not, about an identifiable individual (that is, a specific person). 

This includes information in any form, such as:

  • Age, name, ID numbers, income, ethnic origin, or blood type
  • Opinions, evaluations, comments, social status, or disciplinary actions
  • Employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs)

HIPAA vs. PIPEDA: Personal Information vs. Protected Health Information

On the HIPAA vs. PIPEDA scorecard, PIPEDA easily wins the “which law regulates more information” contest. Under PIPEDA, personal information includes health-related information, as HIPAA’s PHI does, but it also includes non-health-related information.

A HIPAA vs. PIPEDA comparison of what factual information is regulated is notable. PIPEDA regulates a fair amount of factual information, such as social status, disciplinary actions, employee files, and credit card disputes, that HIPAA does not. A PIPEDA vs. HIPAA comparison of what non-factual information is regulated by each reveals a wide imbalance.

While HIPAA regulates opinions, the regulated opinions are those made by doctors when rendering treatment and offering diagnoses. PIPEDA regulates a much wider variety of opinions. An individual’s views or opinions about an employee (i.e., performance appraisals, comments in internal investigation files, and complaints against employees in which an opinion about the employee is made) all qualify as personal information.

On the PIPEDA vs. HIPAA ledger, the HIPAA side of what information is regulated is considerably smaller. HIPAA regulates protected health information (PHI): health information that “relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual,” and that is:

  • Transmitted by electronic media
  • Maintained in electronic media
  • Transmitted or maintained in any other form or medium

PHI is information limited by subject – it is health or healthcare-related information. To qualify as PHI, a