All Standards
Effective: Aug 1st 2023 | Status: Approved


Standard Statement

The dental hygienist manages patient records in compliance with applicable legislation and regulatory requirements intended to protect the privacy and confidentiality of health information

Performance Expectations

The dental hygienist must… 

  1. Ensure the patient record:  
    1. Is created, maintained, stored, and accessed in a manner that protects patient confidentiality through administrative, technical, and physical safeguards in compliance with applicable legislation; and 
    2. Is retrievable and available for authorized sharing within a reasonable period of time when a request is received, to facilitate continuity of patient care.  
  2. Identify and confirm whether they are acting as a custodian of health information or an affiliate of a custodian for the purposes of the Health Information Act (HIA), and act in accordance with the HIA.  
  3. When working in an environment with one or more health care providers, ensure (e.g., through office policy) that the patient record is under the custody and control of an identified custodian as defined in the HIA.  
  4. In an electronic patient record:  
    1. Use only single-user log-in information or access card to access or enter information into a patient record; and 
    2. Take reasonable steps and use safeguards to maintain the security of user password(s) or access cards (e.g., logging off when finished). 
  5. When acting as an affiliate: 
    1. Know and follow the custodian’s policies and procedures regarding access, collection, use, disclosure, security, and disposal of health information; and 
    2. Notify the custodian as soon as possible of any reasonably anticipated or actual  
      1. Threat or hazard to the security or integrity of health information;  
      2. Loss of health information;  
      3. Unauthorized use, disclosure, or modification of health information; or  
      4. Unauthorized access to health information. 
  6. When acting as a custodian:  
    1. Establish and follow policies and procedures in accordance with the HIA including but not limited to: 
      1. Mandatory privacy breach reporting; and 
      2. Establishing information management agreements with third party service providers. 
    2. Complete a privacy impact assessment prior to changing or implementing any administrative practice or information system relating to the collection, use, and disclosure of individually identifying health information;  
    3. Take reasonable steps to inform the patient of:   
      1. The purpose for which the information is collected;  
      2. The specific legal authority for the collection; and   
      3. The contact information for an individual who can answer the patient's questions about the collection.   
    4. Retain patient records for: 
      1. A minimum of 10 years following the date of the last service provided; or 
      2. In the case of minor patients, until the patient is 20 years of age or for 10 years, whichever is longer.  
    5. Provide a copy of the clinical and financial record to the patient or their authorized representative upon request and with appropriate consent in accordance with legislation.  
  7. When acting as a custodian while employed by a non-custodian:  
    1. Clearly communicate the dental hygienist's legal obligations as a custodian to the employer;  
    2. Review the employer’s policies and procedures relating to the collection use, disclosure, retention, security, and disposal of health information and ensure the policies align with legislation; and 
    3. Collaborate with the employer to ensure that legislated requirements specific to health information and the dental hygienist’s obligations as a custodian are met and reflected in the employer’s policies and procedures.  

Patient Expectations

The patient can expect the dental hygienist to maintain and securely keep all records pertaining to the patient in accordance with policies and procedures that are compliant with applicable legislation. 


AFFILIATE: As defined by section 1(1)(a) of the Health Information Act, means an individual or organization employed by a custodian, or a person or entity that performs a service for a custodian as an appointee, volunteer or student, or under a contract or agency relationship with the custodian.  

CUSTODIAN: An organization or entity defined in section 1(1)(f) of the Health Information Act or designated in section 2 of the Health Information Regulation. Dental hygienists are designated as custodians in the Health Information Regulation.  

HEALTH INFORMATION: Defined in the Health Information Act as one or both of the following:  

  1. Diagnostic, treatment and care information  
  2. Registration information 

LEGISLATION: Federal or provincial acts, regulations, or codes. 

RECORD: As defined in the Health Information Act, means a record of health information in any form and includes notes, images, audiovisual recordings, x-rays, books, documents, maps, drawings, photographs, letters, vouchers and papers, and any other information that is written, photographed, recorded, or stored in any manner, but does not include software or any mechanism that produces records.