Privacy & Security
Rob Ford’s medical records breached again
February 18, 2015
TORONTO – Health professionals at the University Health Network have been caught snooping into former mayor Rob Ford’s (pictured) medical records, the second time it has happened at the large, Toronto health facility, and the fourth time overall.
The Toronto Star reported earlier this month that the University Health Network (UHN) notified the provincial privacy commissioner of a fourth breach of Ford’s medical records since his cancer diagnosis last September.
Acting privacy commissioner Brian Beamish said in a written statement that the latest privacy violation was extremely troubling because it meant the earlier breaches had clearly not acted as a deterrent to nosy employees.
High-profile individuals could be “particularly attractive targets to snoopers,” Beamish said, adding that the recent breach must motivate hospitals to be even more vigilant on privacy.
The fourth breach of Fords records highlights the importance of upgrading Ontarios health privacy laws to include mandatory reporting of serious breaches to the privacy commissioner.
A recent Star investigation found the majority of health-related breaches go unreported to the privacy office, sparking calls for legislative change by Beamish.
Ontario used to be at the forefront of health privacy laws, but now it is one of the last jurisdictions in the country to amend its legislation to include mandatory reporting to the privacy commissioner.
Dr. Eric Hoskins, Minister of Health and Long Term Care, did not respond to questions from the Star Wednesday about whether he would consider changing health privacy laws to include mandatory reporting.
The privacy commissioner was notified of each of the four breaches of Fords medical records, but under current law hospitals can handle privacy violations behind closed doors – and even fire staff – without informing the regulatory body. Eight jurisdictions have recently amended their health privacy laws to fix this problem, which has been described as a dangerous oversight in the legislation.
Ford’s personal health information was first inappropriately accessed at Humber River Regional Hospital, where his cancerous tumour was found. His file was then opened without authorization at Mount Sinai Hospital, where he was transferred for chemotherapy.
Ford’s medical file was also snooped into by UHN hospital staff last September – and his records were targeted again by seven UHN staff at Princess Margaret Cancer Centre in February.
“This is a very disappointing development in light of the other health information privacy breaches that have occurred over the last year, which should have also served as a cautionary tale,” Beamish said.
The Star has recently uncovered a number of health-related privacy breaches, including an anti-abortion activist who inappropriately accessed more than 400 abortion files at Peterborough Regional Hospital.
Earlier last year, the Star also unveiled two major hospital privacy breach cases involving thousands of patients. In one case, hospitals inappropriately provided patient information to baby photographers. In another, hospitals were handing out patient contact information to private marketing companies.
In a written statement Wednesday, Hoskins said patients deserve to know their care providers were meeting privacy obligations. “This is fundamental to maintaining patients trust in our healthcare system,” he said.
Hoskins asked the ministry to follow up with the UHN after being notified of the latest Ford privacy breach.
The UHN, which is responsible for four major hospitals in Toronto, reported 132 privacy violations last year, according to information obtained under the Freedom of Information Act.
UHN spokesperson Gillian Howard would not disclose which records were inappropriately accessed during Rob Fords privacy breach, because, she said, information about individual patients is never released.
She would not tell the Star what roles the snooping staff members hold at the hospital, because, she said, UHN does not release information that could identify employees in disciplinary matters.