Privacy statement
Covenant Health is committed to respecting your privacy and protecting your personal and health information. Trust is essential to providing safe, compassionate care and we take our responsibility to protect your information seriously.
This privacy statement explains:
what information we collect
why we collect it
how we use and share it
how we protect it
your rights and choices
This statement reflects our obligations under Alberta’s Health Information Act (HIA), Protection of Privacy Act (POPA) and Access to Information Act (ATIA).
Who we are
Covenant Health is a publicly funded Catholic health care organization, a custodian of health information under HIA and a public body under POPA. We provide acute care, continuing care, community care, research and support services across Alberta.
When we say “we,” “us,” or “our,” we mean Covenant Health.
What information this statement covers
This statement applies to:
health information (information about your physical or mental health, health services you receive, or eligibility for care)
personal information (information about an identifiable individual)
Examples include:
name, address, contact details
Alberta Health Care Insurance Plan number
medical history, test results, diagnoses
care plans and treatment records
employee and physician information (where applicable)
This statement does not replace more specific notices you may receive in certain programs or care settings, such as research consent forms.
How we handle your information
-
Covenant Health is accountable for protecting the information in our custody or control.
we have a Chief Privacy Officer responsible for our privacy management program and compliance with applicable privacy legislation.
we maintain privacy policies, procedures and guidelines.
our workforce receives ongoing privacy education.
privacy considerations are integrated into our clinical, administrative and digital systems.
when we use service providers to perform services on our behalf, we remain responsible for the protection of personal or health information and require them to meet our privacy and security requirements.
-
We collect, use and disclose information only for defined and lawful purposes, including:
Providing care
delivering safe, high‑quality health services
coordinating care among health care providers
supporting continuity of care
System operations
scheduling, registration and billing
quality improvement and patient safety
risk management and accreditation
workforce administration
Legal and public responsibilities
meeting requirements under HIA, POPA, ATIA and other laws
public health reporting
responding to lawful requests from regulators or oversight bodies
Research and education
health research (with ethics approval and appropriate safeguards)
teaching and training health professionals
-
Implicit consent for care
In most cases, your consent to collect and use your health information is implied when you seek or receive care.
Express consent
We will seek your explicit consent when required by law, including:
certain disclosures outside the care team
participation in research
uses not directly related to care or operations
Withdrawing consent
You may withdraw consent where permitted by law, though this may limit our ability to provide services or meet legal obligations.
-
We collect only the information necessary to fulfill our identified purposes.
Information may be collected:
directly from you
from other health care providers
through clinical systems and diagnostic tools
from authorized provincial systems or registries
-
Use and disclosure
We use and disclose information only:
for the purposes identified
with your consent, where required
as authorized or required by law
Information may be shared:
with other members of your care team
with service providers working on our behalf
with health system partners where authorized
with researchers (with appropriate approvals)
with government or public sector bodies where legally required
We do not sell personal or health information.
-
We retain information:
for as long as required to deliver care
to meet legal, regulatory and clinical requirements
in accordance with approved retention schedules
Information is securely destroyed when no longer required.
-
We take reasonable steps to ensure information is:
accurate
complete
up to date
You can help by informing us of changes to your information.
-
We protect information using administrative, physical and technical safeguards, including:
secure clinical and administrative systems
role‑based access and least‑privilege controls
encryption and cybersecurity monitoring
secure facilities and records storage
vendor privacy and security requirements
Access to information is limited to those who need it to perform their duties.
-
We are committed to openness and transparency in how we manage information.
You may:
review this Privacy Statement to understand how we handle information.
ask questions about how your information is collected, used, disclosed and protected.
request more detailed explanations of specific information handling and privacy practices, including our Privacy Management Program Framework.
some of our clinical and administrative systems use automated tools to support care delivery and operational processes. We are committed to being transparent about the use of these systems and apply appropriate safeguards and human oversight to help ensure information is used lawfully, responsibly and in a manner consistent with our obligations under privacy legislation.
Online privacy
Any information collected (such as the Internet Protocol address assigned by your Internet service provider, the settings of the web browser installed on your computer and pages accessed on our website) may be used internally by Covenant Health in an aggregate form, to help manage and improve the content of the website and to diagnose technical problems of the website, with the objective to better serve you
The Covenant Health website uses cookies to collect anonymous statistical information such as browser type, screen size, traffic patterns and pages visited. This information helps provide better service. Covenant Health does not store personal information in cookies. You can change the settings on your web browser to deny cookies if desired.
This website contains links to other sites. Covenant Health is not responsible for the content and privacy policies of other websites. It is recommended that you read their privacy statements to find out how they track and use your information.
Your rights
You have the right to request*:
access to records we hold about you
corrections, if information is inaccurate or incomplete
manuals, handbooks and other guidelines used by Covenant Health employees in decision-making processes that affect the public are available without making a formal access request
if the information you are seeking is not available through routine disclosure, you may submit a formal access request under the Access to Information Act and we will respond in accordance with legislated timelines and requirements
*Some access may be limited as permitted by law (for example, information subject to legal privilege or third‑party privacy).
Challenging compliance
If you have questions or concerns about privacy, or wish to make a complaint, you may contact us.
Please note that all complaints must be submitted in writing. If your concern is not resolved, you may contact the Office of the Information and Privacy Commissioner of Alberta.
Statement updates
We may update this statement to reflect changes in law, technology, or our practices. The most current version will always be available on our website.
Contact
Phone
Mailing address
Covenant Health Information and Privacy Office
One Twelve Campus
10130 112 Street NW
Edmonton AB T5K 2K4