Privacy & Security
Island Health fires two over privacy violations
December 17, 2014
VICTORIA – Vancouver Island’s health authority says it has fired two employees who looked at more than 100 patients’ private healthcare records to satisfy their curiosity. Island Health says the employees looked at 112 electronic health records of patients with whom they had no care relationship.
The health authority is apologizing to those affected by the privacy breach after its investigation concluded, said Dr. Mary Lyn Fyfe, chief medical information officer for Island Health.
“It is extremely disappointing and completely unacceptable that staff members would breach a patient’s right to privacy, and it is a total violation of the confidentiality acknowledgement that must be signed by each of our employees and physician partners,” said Fyfe.
“It also violates the trust people place in us. First and foremost, we sincerely apologize to those directly impacted by this, but we also apologize to all our clients, patients and residents.”
The investigation began after Island Health’s Information Stewardship, Access and Privacy office was advised in early October of an allegation of inappropriate access to personal information. As part of the investigation, immediate steps were taken to ensure the employees’ access to any personal or confidential information was revoked. The BC Office of the Information and Privacy Commissioner was notified.
Access to patient records for reasons other than an authorized work-related purpose directly contravenes Island Health’s Terms of Employment. All employees receive information regarding their obligations and sign the required written confidentiality undertaking as a condition of employment with Island Health. This policy in part states: “Individuals will be held accountable for breaches of confidentiality.”… [including] “…intentional and unauthorized access to, use and/or disclosure of, confidential information.
If it is established that a breach of confidentiality has occurred, those individuals deemed responsible may be subject to penalty or sanction up to and including termination of employment, cancellation of contract or services, termination of the relationship with VIHA, withdrawal of privileges and/or legal action.
Island Health’s confidentiality policy further sets out specific examples of behaviours that are a breach. This includes “unauthorized reading of a patient’s chart” and “accessing information on yourself, children, family, friends or co-workers” when the employee does not need to see or know that information to do their job.