Alberta has its Personal Information Protection Act, which is not significantly different than PIPEDA. Alberta is unique in that, instead of individual covered entities, the province’s entire health system is considered the Health Information Custodian.
British Columbia’s provincial law is called the Personal Information Protection Act. BC is one of only two provinces that do not allow PHI to be saved in the USA, even when encrypted.
Manitoba does not have its own provincial law, so only PIPEDA applies here.
New Brunswick’s law is the Personal Health Information Privacy and Access Act.
Newfoundland and Labrador are covered under the Personal Health Information Act.
Nova Scotia’s provincial law is the Personal Information International Disclosure Act . Like British Columbia, Nova Scotia forbids storing patient data in the USA, even if encrypted.
Ontario’s law is called the Personal Health Information Protection Act. It provides for several different classifications of service providers, so it’s important to know into which category a particular vendor might fit.
Prince Edward Island does not have its own provincial law, so only PHIPA applies here.
Quebec has passed An Act Respecting the Protection of Personal Information in the Private Sector, in addition to a couple of other laws that make Quebec unique and significantly different from other provinces.
Saskatchewan does not have its own provincial law, so only PHIPA applies here.
The Northwest Territories, Nunavut, and Yukon are territories, not provinces, so only PHIPA applies in these areas.
* British Columbia has several laws that govern privacy. The one that requires personal data to be stored in Canada is the Freedom of Information and Protection of Privacy Act (which applies to public bodies). Under section 30.1(a) there appears to be allowance for storing personal information outside of Canada as long as the individual has consented. NousTalk is PIPA compliant.