Canadian Healthcare Technology Logo
  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us

GE Revolution Ascend

GE Revolution Ascend

Enovacom EPC

Enovacom EPC

Privacy & Security

Jill Clayton

Alberta privacy commissioner investigates big breach

February 5, 2014


EDMONTON – Alberta’s Information and Privacy Commissioner has confirmed that she will launch an investigation into the Medicentres privacy breach, as well as a broader review of the way breaches are reported in the health sector.

“This incident raises concerns about how privacy breaches are reported generally,” said privacy commissioner Jill Clayton (pictured). “Therefore, in addition to the Medicentres investigation, we will also be conducting a thorough review of the broader issue of privacy breach reporting by the health sector in Alberta.”

In January, Alberta Health Minister Fred Horne announced that a laptop containing the name, date of birth, provincial health card numbers, billing codes, and diagnostic codes of 620,000 Albertans was stolen in September. It is said to be largest breach of privacy in Canada.

Horne said he received a letter from the vice president of Medicentres Family Health Care Clinics informing him of the theft, which the company learned about on Oct. 1, 2013. “I’m quite frankly outraged that this would not have been reported to myself or my department sooner,” said Horne.

Medicentres said the laptop belonged to an IT consultant working for the company. Dr. Arif Bhimji, chief medical officer with Medicentres Canada, says the IT consultant was working on an app at the time.

“Immediately upon learning of this theft, Medicentres contacted the Edmonton Police Department and the Office of the Information Privacy Commissioner in Alberta,” read the company’s statement.

Clayton explained why the theft of the laptop was not reported to the health minister until nearly four months after it happened.

“Currently, there are no provisions under Alberta’s Health Information Act (HIA) requiring a health custodian to report a breach to my office or notify affected individuals.”

“When we do receive reports of this nature, it is done on a voluntary basis. Decisions about when and if affected individuals will be notified of a breach are the responsibility of the custodian. I have no authority to require custodians to notify affected individuals,” Clayton said.

She explained that when a breach is reported to the Office of the Information and Privacy Commissioner of Alberta (OIPC), it works with the party to assess the risk and makes recommendations on how the group should handle it and prevent future breaches.

“When there is the potential for harm to individuals, it is always our practice to recommend immediate, direct notification to all affected parties.”

Clayton said the Health Information Act prohibits the privacy commissioner from releasing any information obtained in performing her duties.

She explained that, under Alberta’s private sector privacy law, if there is a risk of significant harm to an individual, organizations must report a breach of personal information to the Privacy Commissioner. In that case, Clayton said she can force the organization to notify all those affected.

Clayton said she has advocated for mandatory breach reporting and notification provisions to be added to the FOIP.

John Russo, chief privacy officer for Equifax Canada, called this the biggest breach of privacy in Canadian history. “From our experience, this is the biggest one in Canada,” he says. “Last year, student loans had a loss of 550,000 Canadians. This beats it by 70,000.”

In October, he says Equifax noticed about a five per cent increase in identity thefts in Alberta, but cannot say for certain if the trend is related to the laptop theft.

Russo believes the information contained on the stolen laptop would be enough to do damage. “With sophisticated fraudsters, a name and a date of birth, they can do some serious harm to consumers. Just with that information alone, they can set up fake IDs, start applying for credit in your name, stealingyour identity.”

“At a minimum, consumers should at least put a credit alert on their file… to notify credit granters that their ID has been lost, stolen or compromised.”

However, Mike Berezowsky with Service Alberta, disagrees.

“The information included name, date of birth, and the health care card number, as well as some additional billing information – none of that is the kind of thing that, alone, would get you a driver’s license or an Alberta ID card.”

Service Alberta says government-issued photo ID is required to get identification in another name. A facial recognition system is also used.

PreviousNext

WP 900×150

WP 900x150

News and Trends

  • RACE streamlines patient journey
  • Healthcare supply chain needs a re-think, observers say
  • EDI spots pricing anomalies in Ontario’s healthcare supply chain
  • AI centres of excellence and companies collaborate on apps
  • Talking Stick: New hope for Indigenous mental healthcare
More from the Print Edition

Subscribe

Subscribe

Free of charge to Canadian hospital managers and executives in nursing homes and home-care organizations. Learn More

Follow us on Social Media!

Follow us on Social Media!

CAN Health Network

CAN Health Network

Nihi Data [Winter 2023]

Nihi Data [Winter 2023]

Advertise with us

Advertise with us

Sectra One Cloud

Sectra One Cloud

Change Healthcare [2]

Change Healthcare [2]

Infoway [Feb2023]

Infoway [Feb2023]

CHT print-200×400

CHT print-200x400

WP 900×150

WP 900x150

Advertise with us

Advertise with us

Sectra One Cloud

Sectra One Cloud

Change Healthcare [2]

Change Healthcare [2]

Infoway [Feb2023]

Infoway [Feb2023]

CHT print-200×400

CHT print-200x400

Contact Us

Canadian Healthcare Technology
1118 Centre Street, Suite 207
Thornhill, Ontario, Canada L4J 7R9
Tel: 905-709-2330
Fax: 905-709-2258
info2@canhealth.com

  • Quick Links
    • Current Print Issue
    • Print Archive
    • Events
    • Vendors
    • About Us
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Resources
    • White Papers
    • Writers’ Guidelines
    • Privacy Policy
  • Topics
    • Administrative Solutions
    • Clinical Solutions
    • Companies
    • Continuing Care
    • Diagnostics
    • Education & Training
  •  
    • Electronic Records
    • Government & Policy
    • Infrastructure
    • Innovation
    • People
    • Privacy and Security

© 2023 Canadian Healthcare Technology

The content of Canadian Healthcare Technology is subject to copyright. Reproduction in whole or in part without prior written permission is strictly prohibited. Send all requests for permission to Jerry Zeidenberg, Publisher.

Search Site

Error: Enter a search term

  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us