Privacy & Security
Physician disciplined for snooping into records
July 6, 2016
TORONTO – The College of Physicians and Surgeons of Ontario held its first-ever disciplinary hearing for one of its members accused of snooping. Dr. Douglas Brooks, a general practice physician in Sault Ste. Marie, was found to have improperly probed the electronic medical records of two non-patients several times, college spokesperson Kathryn Clarke said.
The Toronto Star reported that Dr. Brooks had his college certification suspended for five months, must participate in medical ethics training, and was ordered to pay $5,000 in costs for the hearing.
There are three more discipline hearings scheduled in the coming months for alleged snooping by other doctors.
Meanwhile, politicians at Queen’s Park recently passed a bill to strengthen the Personal Health Information Protection Act (PHIPA).
The legislation now makes it mandatory to report privacy breaches to the privacy commissioner, doubles fines for snooping from $50,000 to $100,000 for individuals and $250,000 to $500,000 for organizations, and removes the requirement for PHIPA charges to be laid within six months of an alleged snooping incident.
While Ontario’s privacy commissioner, Brian Beamish (pictured), welcomed these changes, he said the next step involves “education and training” to inculcate a more robust culture of privacy at hospitals and health care practices – especially in light of the ongoing push to make more health records available electronically.
“It’s unfortunately almost unavoidable,” he said of record snooping.
Last month, a Mississauga woman filed a $3-million lawsuit alleging that her patient records were improperly accessed by her sister, who worked at a private ophthalmology practice with access to thousands of patient files from three local hospitals.
The proposed class-action accuses the Trillium Health Partners, which oversees the hospitals, and an ophthalmologist of failing to properly monitor and protect patient information.
None of the allegations has been proven in court and no statements of defence have been filed.
Trillium has confirmed that files of six patients were improperly accessed, including those of the woman who launched the lawsuit.
Responding to a series of questions, Trillium spokesperson Catherine Pringle said that, over the past four years, the hospital has investigated 212 alleged snooping cases, 20 of which – involving records of 34 people – were confirmed.
Only four of those, however, were reported to the privacy commissioner, the agency responsible for investigating potential PHIPA breaches, Pringle said. Trillium pledges to follow the recently approved new rules and report all breaches in the future.
Since tracking of access began in 2011, Trillium has conducted 363 privacy education sessions with doctors and staff. They give out annual privacy policy material to more than 1,200 physicians as well, Pringle said.