Privacy and Security

DISCLAIMER: these resources have been developed to assist custodians under Newfoundland and Labrador Personal Health Information Act (PHIA) in developing the policies and procedures under the legislation.  The Act defines in part a “custodian” as a health professional or health care provider who are not employees or agents of the Provincial Health Authority, Newfoundland and Labrador Health Services (NLHS), or another Custodian as defined under the Act.

Examples of healthcare professionals and providers who are custodians include, but are not limited to:

  • a fee-for-service physician working in the community;
  • a nurse practitioner who is the operator of a private practice

Examples of healthcare professionals and providers, who are not custodians, include, but are not limited to:

  • a physician or healthcare professional and provider who is an employee or a contracted agent of NLHS;
  • a physician or healthcare professional and provider who is an employee in a private practice operated by a custodian under PHIA (e.g. Workplace NL)

Employees and contracted agent of NLHS should refer to the appropriate Privacy and Security Policies and Procedures under the NLHS which can be contacted at: or

eDOCSNL has developed privacy and security resources to assist custodians and their staff in meeting their privacy and security responsibilities.  To support all eDOCSNL participants in maintaining policies and procedures that meet the requirements PHIA, their regulatory bodies, including the Newfoundland and Labrador College of Physicians and Surgeon’s (CPSNL) Standard of Practice: Medical Records Documentation and Management (2023), eDOCSNL Privacy and Security Resources should be utilized to develop a clinic’s privacy and security program. The following resources are available for adoption and use:

DocumentContent Overview
Steps in Creating a Privacy and Security Policy ManualAdvice on creating Privacy and Security policies for providers and clinics
Sample Privacy and Security ManualA privacy and security manual template for providers and clinics who do not have existing materials for this or need supplementary materials
Privacy and Security ChecklistsInformation management and privacy related checklists for providers and clinics
Agreement TemplatesPrivacy-related agreement templates that can be used between providers and with external third parties
Form and Letter TemplatesTemplates that can be used for privacy and security related letters and forms if needed by clinics and providers
Reference ManualSupport manual for providers and clinics with privacy and security information and advice
Privacy PosterNotice to patients regarding the collection and management of Personal Health Information

If at any time you have questions about the development of our resources or implementing privacy and security policies in your practice, please contact us at

EMR Auditing

Audit Log Functionality

Auditing Access for EMR Users