Employees snooped on 198 patients at Island Health

VICTORIA – Island Health is notifying 198 individuals across the region after discovering their health record privacy was breached by two employees. Island Health’s investigation confirmed the employees used their access privileges to view the records of patients with whom they had no care or service relationship.

The investigation began after a routine audit was run of employee access to the Electronic Health Record. Steps were taken immediately to ensure the employees’ access to personal or confidential information was revoked and the BC Office of the Information and Privacy Commissioner (OIPC) was notified.

Island Health did not say when the audit or the breaches took place.

While the individuals affected are from a number of communities across Vancouver Island and beyond, the employees were based in Victoria. The organization said the employees no longer work for Island Health.

According to an Island Health release, “It is unacceptable that any employee uses his or her access privileges to view patients’ records. Such actions are contradictory to our organizational values and policies, and represent an exception to the high standard and ethical practice of staff and physicians working at Island Health.

“All Island Health employees and physicians are well-oriented to the importance of maintaining the confidentiality of sensitive information and the consequences of violating policy in this area.”

Access to patient records for reasons other than authorized work-related purposes directly contravenes Island Health’s Terms of Employment.

Island Health’s confidentiality policy further sets out specific examples of behaviours that are a breach. This includes “unauthorized reading of a patient’s chart” and “accessing information on yourself, children, family, friends or co-workers” when the employee does not need to see or know that information to do their job.

Island Health provides extensive, ongoing education and awareness for staff and physicians related to privacy. Unauthorized access to patient files is a breach of the code of conduct, is a violation of privacy and will not be tolerated.

The organization said it is assessing its practices now to mitigate any future violations.

This incident is the latest case of Island Health staff spying on confidential health documents in recent years. A long-term health professional was fired in April 2015 for looking at electronic records of 39 patients, including family, friends and co-workers.

That employee worked in central Vancouver Island and the breaches took place between January and November 2014. The person viewed files of patients in a number of communities on the Island.

An earlier case was uncovered in October 2014 in which two nurses viewed electronic files of 112 patients. Again, the patients were family, friends and co-workers. The nurses, who were fired, carried out their snooping between January 2012 and October 2014.