Consolidated Statutes and Regulations
Consolidated Statutes
Consolidated Regulations
Annual Statutes and Regulations
Annual Statutes
Annual Regulations
Additional information
Québec Official Publisher
What’s new?
Information note
Policy of the Minister of Justice
Laws: Amendments
Laws: Provisions not in force
Laws: Provisions brought into force
Annual Statutes: PDF versions since 1996
Regulations: Amendments
Annual Regulations: PDF versions since 1996
Court Decisions
R-22.1 - Act respecting health and social services information
Section 77
Disposition versions
Not in force
77. A body may communicate information it holds to a person or group to whom or which it entrusts the carrying out of a mandate or with whom or which it enters into a contract of enterprise or for services, other than a contract for the provision of health services or social services, if the information is necessary for carrying out the mandate or performing the contract.
Such a mandate or contract must be, as applicable, given or entered into in writing and, where it is given to or entered into with a person or group that is not a body, it must, on pain of nullity, set out
(1) the provisions of this Act that apply to the information communicated to the mandatary or the person performing the contract;
(2) the measures to be taken by the person or group to ensure, at all times throughout the carrying out of the mandate or performance of the contract,
(a) that the confidentiality of the information is respected;
(b) that the information is protected, which measures must comply with the information governance rules referred to in section 90 and the special rules defined by the network information officer under section 97; and
(c) that the information is used only for carrying out the mandate or performing the contract; and
(3) the following obligations to be complied with by the person or group that carries out the mandate or performs the contract:
(a) send to the body, before any communication, a confidentiality agreement completed by every person to whom the information may be communicated or who may use it in carrying out the mandate or performing the contract;
(b) use only technological products or services authorized by the body to collect, keep, use or communicate the information where the mandate is carried out or the contract is performed remotely;
(c) immediately notify the person in charge of the protection of information within the body of any violation or attempted violation by any person of any of the obligations relating to the protection of information that are provided for by the agreement;
(d) allow the body to conduct any verification or investigation relating to the protection of the information;
(e) send to the body, free of charge and whenever it so requires, all information obtained or produced in carrying out the mandate or performing the contract; and
(f) not keep the information at the end of the mandate or contract, and destroy it in a secure manner.
A person or group that retains a third person to carry out a mandate or perform a contract of enterprise or for services must notify the body concerned. The third person is subject to the same obligations as those imposed on the person or group in accordance with the second paragraph. However, the third person must send the person or group the confidentiality agreement required under subparagraph a of subparagraph 3 of the second paragraph and the notice required under subparagraph c of that subparagraph.
