ST. JOHN’S, Nfld. & Labrador – Earlier this month, Eastern Health said an administrative employee breached privacy by prying into the files of about 20 clients. Beverley Clarke (pictured), vice-president of privacy for Eastern Health, said management was informed of the breach from another employee who performed due diligence and filed an occurrence report.

“The employee in question had provided her with information that she felt she couldn’t have gotten, unless she had looked at somebody else’s medical record,” Clarke told CBC radio. “This sparked us to do a full investigation, and then we proceeded with dealing with the issue,” she said. The employee has since resigned.

This latest breach of privacy is the fifth to come to light at Eastern Health since 2012. In July 2012, Eastern Health dealt with the largest privacy breach in the province’s history. Five employees were fired. The authority said one nurse deliberately accessed 122 medical records she was not permitted to see.

In September of the same year, the authority revealed that the records of 46 patients at an unnamed rural clinic had been inappropriately accessed by two clerks, one of whom was fired. The other resigned.

In April 2013, the authority reported two separate incidents in which briefcases were stolen from vehicles. One contained a patient chart and notes on 62 patients, while the other contained information on two patients.

Clarke said Eastern Health is committed to training its employees, but indicated that some in the workforce don’t understand how significant the issue is. “All 13,000 employees, I guess, truly do not understand yet that in fact this is inappropriate,” Clarke said.

“So we continue our education, our training. Everybody has to sign an oath. We’re doing the random audits. We have to keep moving it forward, to really keep getting the message out there”.

Clarke said the health authority has a software audit management package that regularly, but randomly audits all employees of Eastern Health.

“In this particular case, the employee was looking up information related to friends and family – but those particular things were not picked up” [by the software]. Clarke said the health authority has been in contact with the affected patients.