Privacy & Security
Audit reveals snooping into patient charts
May 20, 2015
ORILLIA, Ont. – Three employees of Orillia Soldiers’ Memorial Hospital are no longer working at the medical centre, while another employee is under further investigation, after they were caught snooping into the health records of over 50 patients over the past five years. All four privacy breaches were identified through routine hospital audits.
“Curiosity was the reason. Through our investigation into this matter, (the hospital) is confident that the access information was not shared,” hospital spokesperson Terry Dyni told the Toronto Star. In the worst case, a clerk looked at 43 patient records.
The hospital informed the Office of the Information and Privacy Commissioner of Ontario of the large breach, but not about the three smaller ones. Police were not informed of any.
“As it’s not mandatory to notify the (privacy commissioner) of all breaches, hospitals have to make a judgment call as to when it is appropriate to notify. The tendency moving forward will be to notify more often than not, and we are currently addressing that in our policy that’s under revision,” Dyni said.
All four employees have been disciplined. Dyni said he was not at liberty to discuss specifics of the disciplinary action, but noted that three of the clerks are no longer working at the hospital.
The fourth is being “monitored closely,” he said.
In two of the smaller cases, clerks snooped into the files of four patients, including ones they were related to. All affected patients have been informed.
Dyni said the hospital is taking steps to help prevent privacy breaches in future. It is bringing in a new electronic medical record system this year, which has better controls on patient access. In addition to providing new employees with privacy training, workers are also receiving mandatory annual training.
“(The hospital) takes patient privacy very seriously. We are committed to (the) Personal Health Information Protection Act and will do everything we can to ensure patient information is protected,” he said.