Former Manitoba Health employee faces $50,000 fine

WINNIPEG – A former provincial health employee has been charged with snooping into the confidential health records of a family member. According to a source who contacted the Winnipeg Free Press, the man allegedly accessed the personal health information of several members of his own family, including his brother who has since died of cancer, his brother’s wife, and his own children.

The source said all of the health information was looked at “without the consent or knowledge of the victims, and was taken as a massive breach of trust and invasion of privacy.” The accused no longer works for the provincial government.

The Manitoba ombudsman’s office said in a statement the former employee has been charged under the Personal Health Information Act with wilfully and unlawfully gaining access to, or attempting to gain access to the personal health information (of the family member), while he was still working for Manitoba Health.

Ombudsman Charlene Paquin (pictured) said it’s the first time a provincial employee has been charged under the act since it was amended on Dec. 5, 2013, to make it an offence for an employee to gain or try to access another person’s personal health information.

The maximum penalty for the offence is $50,000.

“The personal health information of Manitobans is entrusted to employees and service providers in the healthcare sector across the province,” Paquin said in a statement.

“We believe most healthcare providers respect this trust by using personal health information for authorized purposes. Abusing that trust by intentionally violating the privacy of Manitobans is an egregious matter that has serious consequences.”

A provincial spokeswoman said in the wake of the information breach, Manitoba Health beefed up its policies and procedures and launched a review to check which employees had access to the data and if they really needed to for work purposes.

The spokeswoman said the department now trains staff to ensure they understand privacy rules and the consequences of breaching privacy.

“Employees are only authorized to access information if it is necessary to carry out their responsibilities based on an employee’s defined work requirements.”

The source who contacted the Free Press said that prior to working at Manitoba Health, the accused was a Winnipeg police officer.

In documents provided to the Free Press, victims of the privacy breach were notified by Manitoba Health by letter on Nov. 7, 2014.

The letter, which had in bold print: “Access to your personal health information,” named the person who accessed the records, and said the breach involved records in both the province’s Drug Program Information Network and the Registration Database.

The information that could be accessed included what prescription drugs had been received, social insurance numbers, demographic information including birth date, personal health information numbers, and Pharmacare deductible information.

An email by the man to his family members, which was provided by the source, claimed most, but not all, of the access was done at the bidding of individual relatives who were seeking their own information.

As for the person whose information he is charged with accessing, the man said in the email: “I do not have much of an excuse, other than you are my kids and I care.”

The Free Press first reported on the allegations in November 2014, when Manitoba Health alleged the former employee had accessed the personal health information of at least 13 people while working there. It is not known why only one charge was laid.

Manitoba Health said at the time that as soon as it was made aware of the illegal access, it shut off the employee’s access to the information.