Two employees have been fired from Island Health (formerly Vancouver Island Health Authority) after breaching the privacy of 112 individuals using the agency’s Electronic Health Record system.
Island Health says they have “notified and sincerely apologized to the individuals who were affected by this breach,” adding that if you have not been contacted, it was determined by their investigation that your privacy was not breached by these former employees.
According to Suzanne Germaine, Communication Officer for Island Health, “in this case, these employees chose to use their unauthorized access privileges to the Electronic Health Record to satisfy their personal and medical curiosity about patients with whom they had no care relationship,” but stresses that the public should feel that their medical information is secure.
“There are a number of safeguards in place already to balance the access to the information care providers need to deliver care and services with the need to protect privacy of patients medical information,” Germaine said. These include “passwords, encryption, declaration screens (where a care provider confirms they have a care relationship to the patient), confidentiality agreements, policies and procedures, professional Standards, role based access (access is provided based on the job you have, your functions and need to know), reactive and proactive audits of chart accesses, education to staff, and, of course, compliance with provincial legislation,” she added.
According to the release issued in regards to the breach, “immediate steps were taken to ensure the employees’ access to any personal or confidential information was revoked,” once the allegations were received in early October.
Germaine said it’s now up to the individual patients affected by the breach to decide if they want to pursue any legal action, and said, “Island Health would cooperate with any police investigation,” if any charges are laid by the Crown.
Dr. Mary Lyn Fyfe, Chief Medical Information Officer for Island Health, acknowledges the seriousness of such a situation.
“It is extremely disappointing and completely unacceptable that staff members would breach a patient’s right to privacy, and it is a total violation of the confidentiality acknowledgement that must be signed by each of our employees and physician partners. It also violates the trust people place in us,” said Dr. Fyfe. “First and foremost, we sincerely apologize to those directly impacted by this, but we also apologize to all our clients, patients and residents.”
Anyone with questions about the privacy of their personal medical information can contact Island Health’s privacy intake line at 1-877-748-2290.