Health records breach reported in New Brunswick

MONCTON, N.B. – Health officials in New Brunswick are investigating after they say a physician accessed personal patient information without authorization. The Vitalite Health Network says the alleged privacy breach took place at the Dr. Georges-L.-Dumont University Hospital Centre in Moncton.

The health board issued a statement saying the problem was discovered in February 2013 during a record access audit and a more comprehensive investigation was launched.

It says that investigation has so far found an alleged unauthorized access of records involving 142 patients that took place from Sept. 6, 2010, until Nov. 30, 2012.

The health board says in some cases, information including addresses, phone numbers and dates of birth may have been seen, while in others the employee accessed health record information.

Richard Losier (pictured), the chief operating officer for Vitalite’s Beausejour Zone, says the province’s privacy commissioner has been informed and a letter has been sent to affected patients.

Losier says there is no evidence to suggest the information that was accessed was shared or used in any other manner.

The health board says action will be taken if necessary once the investigation is complete. It did not identify in its statement the physician under investigation.

The compromised information could include the reason a patient was referred, the types of tests or examinations the patient underwent, the results, and the diagnosis, according a three-page letter that was issued. Vitalité CEO Rino Volpé sent a letter to affected patients earlier this month – a year after the breach was discovered, according to a CBC report.

New Brunswick’s Privacy Commissioner Anne Bertrand says her office has received several complaints from affected patients. She is investigating and expects to release a full report on the case within a few months. There could be serious consequences, she said.

Bertrand’s office was notified by Vitalité about the privacy breach last March – one month after the regional health authority became aware of the situation.

“Access abnormalities” were identified during a record access audit conducted last February, according to Beauséjour Zone Chief Operating Officer Richard Losier.

“As soon as we were made aware of the suspected unauthorized access, we immediately undertook an assessment of the situation,” Losier said in a statement.

“We’re extremely disappointed. We’re not taking this lightly at all,” he told reporters. “We’re very serious on what’s being done. We’ve spent hundreds of hours dealing with this case over the last year. We’ve [gone] over thousands of charts.”