Judy Dandurand
Access and Privacy Officer
204-474-8339
Access and Privacy Office
The Access and Privacy Office is responsible for the implementation of the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Act (PHIA) at the University of Manitoba. The office responds to all information requests for UM, investigates breaches of personal or personal health information and provides FIPPA and PHIA training to UM staff, students and associates.
Access and Privacy Office
Our services
Application for access to information
The University of Manitoba is committed to the principles of access to information outlined in the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Act (PHIA). These acts provide the public the right of access to records in the custody or under the control of UM and its colleges.
Records covered by FIPPA and PHIA at the University of Manitoba
FIPPA and PHIA applies to all records in the custody or under the control of UM and its colleges, but does not extend to information that may be considered exempt from disclosure, such as teaching or research materials, or a question that is to be used on an examination or test.
How to apply for access to UM records (non-health records)
Request for access to general information and an individual’s own personal information may be made either informally to the holding office, or formally to the Access and Privacy Office. For formal request please complete the Application to Access form (PDF).
A formal Access to Information request is required if:
- You are requesting access to:
- Confidential information
- Personal information concerning an individual who is not named as a requestor
- Third-party business information
- The holding office has doubts about whether the information should be released
- You are not satisfied with the information you have received informally and are requesting additional information
How to apply for access to my health records
Requests for access to personal health information should be made to the office where the individual believes the records containing their personal health information are held.
No special forms are required if the individual is making a request for their own personal health information, but the request should be in writing. The written request must contain the name of the individual requesting the record(s), address, phone number, signature and date of the request.
Prior to permitting an individual to examine or receive a copy of their personal health information, UM will need to confirm their identity through photo or other appropriate identification.
Anyone seeking access to the personal health information of another individual must submit a written request to the Access and Privacy Office.
Information for applicants
After you submit your request
You will be sent an acknowledgement letter that specifies the date your request was received by the university. The wording of your request is mailed to the address supplied on your application form within the first five to seven days of the application process.
If the wording of your access request is modified based on conversations with the university after your application is submitted, a clarification letter will be sent to you detailing the changes made to the original wording of your request.
Who will know that I submitted an application for access at the university?
The Access and Privacy Office staff is obligated to protect your privacy during the access requests process, so your identity will only be shared with other university staff member(s) if your identity is required in the retrieval of the records you have requested.
If your identity needs to be shared, it will only be shared with the minimum amount of people required to complete the application for access.
Fees
There is no charge to submit an application for access. However, there are fees that may be applied to your application. If any of the following scenarios apply, a fee estimate letter will be sent to you.
- All access requests are allotted two free hours of search and preparation. A fee of $15 per 30-minutes will be charged to access requests that take longer than two hours.
- Computer programming and data processing fees of $10 per 15-minutes if internal programming or data processing is required, or the actual cost of external programming or data processing is incurred by the university.
A fee estimate puts the application process on hold until payment is received by the university. Therefore, the deadline to respond to your request will be delayed.
What happens if I receive a fee estimate, but I am unable or unwilling to pay it?
If you are unable to or do not want to pay the fee estimate, please contact the Access and Privacy Office to discuss your concerns. We may be able to help you narrow the scope of your access request in order to decrease the fees, or eliminate them entirely.
If the fee is not paid, and/or the Access and Privacy Office is not contacted to discuss the fee estimate, the file will be considered abandoned and closed 30 days after the last contact.
Response time
The university is required to respond to your access request within 45 calendar days of receipt of your application for access unless a time extension has been taken. The date the university received your application will be included in the acknowledgement letter sent to you.
FIPPA allows the public body to take a 30-day time extension under certain circumstances, which is outlined under subsection 15(1) of the Act.
For example, if a large number of records are requested which would unreasonably interfere with the operations of the university, or if the university needs to consult with a third party or another public body before deciding whether or not access will be granted to the record(s), the university can take a 30-day extension.
It has been 45 days since I sent in my application, and I have not received a response. What should I do?
Unless a notice for a time extension was sent to you, the university has 45 calendar days from the day they received the application for access to complete your request. Please allow two to three business days after the 45-day deadline to see if a response arrives in the mail. If nothing arrives, contact the Access and Privacy Office to inquire on the status of your request, either by phone (1-204-474-9462) or by email: fippa@umanitoba.ca.
Your access request decision
You can contact the Access and Privacy Office by phone (1-204-474-9462) or by email at fippa@umanitoba.ca to discuss your questions or concerns about the university's decision regarding your request.
How do I make a complaint about my access request?
Subsection 59(1) of The Freedom of Information and Protection of Privacy Act provides that you may make a complaint about the university's decision regarding your request for access to the Manitoba Ombudsman's Office. You have 60 days from the receipt of the university's decision letter to make a complaint.
Access requests
November 2024
'm looking for records or documents relating to the School of Medicine's admissions interview process. Specifically, I'm looking for:
- Records or documents given to or used in the training of interviewers
- Records or documents given to or used to brief applicants before, on or after interview day
- Records or documents used to mark or grade applicants at interview stations (rubrics, grading scales, etc.)
- Records or documents used to guide marking of applicants at interview stations
- Records or documents detailing the composition and demographics of interview evaluators (e.g., # of medical students, residents, physicians, community members)
- Records or documents outlining how interview scores are standardized across - different interviewers or prompts
- All interview station prompts/questions for the past ten admission cycles
- Records or documents related to the development or review of potential interview prompts/questions
Date range: 2014 to 2024
The vast majority of large public bodies use a records/data management system to track and manage FOI requests. We are seeking access to the following fields:
1. Identifier: The request number or unique identifier for each request.
2. Summary: The most detailed request text available in the tracking system, be that the full request text or a summary written by an FOI coordinator.
3. Date received: The date each FOI was received.
4. Date completed: The date each FOI was completed.
5. Disposition: The disposition for each FOI (records granted in full, in part, denied, etc.).
6. (Not mandatory) Department, division, body or entity: If your tracking system provides detail on which part of your organization is being targeted with a request, we would like this information. For example, some municipalities process FOIs for local transit and police services. Similarly, Ontario's Ministry of the Solicitor General handles requests for the Ontario Provincial Police, and various provincial health authorities handle requests on behalf of many hospitals. If this is the case for your organization and you can distinguish these entities with a field, that is helpful. If this information is not readily available, please disregard this part of our request. You do not need to contact us for permission to disregard this field.
We are seeking the above information for FOIs that were completed between July 1, 2023 and June 30, 2024.
We are only seeking access to data from general records requests, not personal records requests. (For example, we do not want information on requests from people asking for their own police or health file.)
We are not seeking access to information about FOIs that are not yet completed, or FOIs that were withdrawn, abandoned, or transferred to another institution. In rare instances, institutions are consulted on FOIs received by other institutions, and this interaction is captured in their tracking systems. We are not interested in requests that your organization does not have custody of. If you cannot easily filter out these unwanted requests - incomplete, withdrawn, abandoned, transferred, consultations - that's fine. Send us what you have. You do not need to check with us about this.
For more information regarding fees, timelines and what to expect when you submit an access to information request to the University of Manitoba contact the Access and Privacy Office at fippa@umanitoba.ca.
Freedom of Information and Protection of Privacy Act (FIPPA)
The University of Manitoba is committed to the principles of access to information and the protection of privacy outlined in the Freedom of Information and Protection of Privacy Act (FIPPA).
How FIPPA affects the University of Manitoba
- The public has a right of access to UM records (subject to specific exceptions).
- The public has a right to request corrections be made to their own information held at UM.
- UM must securely collect, store, share and dispose of personal information.
- Set defined limitations on the use and sharing of personal information based on minimum amount and need to know for approved and authorized purposes.
- UM’s actions and decisions regarding access and privacy decisions are subject to independent reviews by the Manitoba Ombudsman’s Office.
How to apply for access to university records under FIPPA
Please refer to Application for access and information for more information on requesting access to information under the Freedom of Information and Protection of Privacy Act.
Definition of personal information
Personal information means recorded information about an identifiable individual, including:
- The individual's name.
- The individual's home address, home telephone or email address.
- Information about the individual's age, sex, sexual orientation, marital or family status.
- Information about the individual's ancestry, race, colour, nationality, or national or ethnic origin.
- Information about the individual's religion or creed, or religious belief, association or activity.
- Personal health information about the individual.
- The individual's blood type, fingerprints or other hereditary characteristics.
- Information about the individual's political belief, association or activity.
- Information about the individual's education, employment or occupation, or educational, employment or occupational history.
- Information about the individual's source of income or financial circumstances, activities or history.
- Information about the individual's criminal history, including regulatory offences.
- The individual's own personal views or opinions, except if they are about another person.
- The views or opinions expressed about the individual by another person.
- An identifying number, symbol or other particular assigned to the individual.
Definition of recorded information
Record or Recorded Information means a record of information in any form, including information that is written, photographed, recorded or stored in any manner, on any storage medium, or by any means, including by graphic, electronic or mechanical means, in the custody or under the control of the University of Manitoba.
All records (regardless of format or medium) created, received, used or maintained by officers and employees of the University of Manitoba in the course of their duties on behalf of the university are the property of the university.
Records to which The Freedom of Information and Protection of Privacy Act (FIPPA) applies
FIPPA applies to all records in the custody or under the control of the University of Manitoba and its Colleges, including records containing general information, personal information and personal health information. It does not apply to teaching or research materials, or a question that is to be used on an examination or test.
The Personal Health Information Act (PHIA)
PHIA applies to all records containing personal health information in the custody or under the control of the University of Manitoba.
The purposes of the Act are:
- To provide individuals with a right to examine and receive a copy of personal health information about themselves maintained by a trustee, subject to the limited and specific exceptions set out in this Act.
- To provide individuals with a right to request corrections to personal health information about themselves maintained by a trustee.
- To control the manner in which trustees may collect personal health information.
- To protect individuals against the unauthorized use, disclosure or destruction of personal health information by trustees.
- To control the collection, use and disclosure of an individual's PHIN.
- To provide for an independent review of the decisions of trustees under this Act.
Obtaining access under the Act
Under the Act, a person has the right to examine and to receive a copy of his or her personal health information (PHI) subject to the exceptions of PHIA. At UM, PHI may be held by a faculty, department, division, program, centre or service, health care unit or health services agency.
A request to access your own PHI must first be made by contacting the unit or office where you believe the records are held. You may be asked to put the request in writing and it should include your name, address, phone number, signature and date of signing. Please note that prior to being allowed to examine your record, the office that holds the record must confirm your identity through photo or other appropriate identification.
If you are requesting PHI on behalf of another person, you will be referred to the Access and Privacy Office and you will be asked to provide a written request. Prior to the release of any information, the Access and Privacy Office, and if necessary, the Office of Legal Counsel, will require you to verify your identity.
Before a record containing PHI is released for viewing, the office holding the record and/or the Access and Privacy Office will first review the record under the provisions of the Act. If the record does not contain any third party or otherwise confidential information, the record may be examined in the office that holds the record. A copy may be provided if requested.
Personal health information
Personal health information means recorded information about an identifiable individual that relates to:
- The individual's health or health care history, including genetic information about the individual.
- The provision of health care to the individual.
- Payment for health care provided to the individual, and includes the personal health information number (PHIN) and any other identifying number, symbol or particular assigned to an individual, and any identifying information about the individual that is collected in the course of, and is incidental to, the provision of health care or payment for health care.
PHIA and privacy training
Click on the headings below to determine which training session you are required to complete.
Online training modules for users who cannot access content in UM Learn.
Please email fippa@umanitoba.ca if you have any questions about what training you should complete.
General online PHIA training
General University of Manitoba PHIA training for employees, contractors, students or affiliates who have or will have access to personal health information. Personal health information includes doctor’s notes, diagnosis, medical accommodations and records, etc.
Register for the General Online PHIA training
At the end of the training module, follow the instructions to download, complete and submit the pledge. Please ensure to click 'Submit' so our office will be notified of your completion.
General online privacy (FIPPA) training
General privacy (FIPPA) training for employees, contractors, students or affiliates who have or will have access to personal information. Personal information includes names, contact information, financial information etc.
Register for the General Online Privacy Training
At the end of the training module, follow instructions to download, complete and submit the pledge. Please ensure to click 'Submit' so our office will be notified of your completion.
Online PHIA Training for Researchers (research projects, REB compliance/proposals)
Privacy Training Requirements for Research
All individuals involved in a UM research project that collects Personal Health Information MUST complete this training, even if the individuals involved with the research project are not employed by or are a student of the University.
This new Privacy Training for Researchers course replaces the previous PHIA Training module for researcher.
The successful completion of the Privacy Training for Researchers course will satisfy the Research Ethics Boards (REB) requirements for PHIA training.
Delivery Methods
via UM Learn: For those involved in a UM research project who have a UMNetID (students, staff, faculty), please complete Privacy Training for Researchers in UM Learn.
To access the course, Login to UM Learn and do either of the following.
- Select the Self Registration menu item. Click on Privacy Training for Researchers.
- OR, On UM Learn home page, scroll down to 'My Courses'. (Note: You may need to select "View All Courses" to see all your available courses.) Click on 'Privacy Training for Researchers and WRHA PHIA'. From the Content menu/Content Browser, click on 'Privacy Training for Researchers' course.
via Website: For those involved in a UM research project who do not have a UMNetID (i.e. external collaborators), take the online Privacy Training for Researchers.
Register for the Privacy Training for Researchers
At the end of the training module, follow instructions to download, complete and submit the pledge. Please ensure to click 'Submit' so our office will be notified of your completion.
UM Common Records Authority Schedule
The University of Manitoba's Common Records Authority Schedule has been designed to ensure that all departments across the university classify and retain their common administrative records in a way that ensures operational effectiveness and consistency across the organization.
The UM Common records are classified by below series. Review the Common Records Authority Schedule (CRAS) to know your records classification and retention schedule.
- Capital Assets CRAS
- Community Life CRAS
- External Relations CRAS
- Finance CRAS
- Governance CRAS
- Human Resources CRAS
- Legal CRAS
- Student Services CRAS
- Teaching and Learning CRAS
If your unit has records that do not fall within the common records schedule, please contact us to set up an appointment to review your forms and set up an appropriate records authority schedule.
Requisition Forms
For university staff and faculty, please login to UM Intranet and go to the Records Management site for the procedures, required forms and for more information about managing your records, such as
- Destruction of Records
- Requisition to Transfer Records (RTR)
Policies and procedures
Access and Privacy Policy and procedures
The following Access and Privacy Policy and procedures have been approved by the Board of Governors and replaces the former FIPPA and PHIA Policy and PHIA Procedures, effective June 23, 2015:
Records Management Policy and procedures
The following Records Management Policy and procedures have been approved by the Board of Governors, effective June 23, 2015:
You may also be interested in
Staff resources
Data Sharing and Storage Guidelines:
Quick reference that will help University of Manitoba members and researchers to share and store records using the appropriate tools. Refer to the Data Security Classification for the detailed definitions of the document types.
- Data Security Classification (PDF)
- Data Sharing and Storage Guidelines - University Records (PDF)
- Data Sharing and Storage Guidelines - Research Not Involving Humans (PDF)
More guidelines, including templates, for research can be found on Human Research Ethics at Fort Garry campus webpage.
Contact us
If you need more information or would like to request the information on this website in an alternate format, please contact us.
-
-
Rachelle Ross
Records and Information Officer
204-474-8757 -
Lenny McKay
Access and Privacy Coordinator
204-474-9462 -
Judalyn Leung
Records and Access Analyst
204-474-7559
Access and Privacy Office
233 Elizabeth Dafoe Library
University of Manitoba (Fort Gary campus)
Winnipeg, MB R3T 2N2 Canada