Medical coder at Grey Bruce snooped on records

September 7, 2016

Owen Sound HospitalOWEN SOUND, Ont. – An investigation at Grey Bruce Health Services has determined that a former employee inappropriately accessed the electronic medical records of 246 individuals over a seven-year period from January 2008 to September 2015.

The investigation was initiated after four individuals came forward with concerns about access to personal information within their electronic medical records.

“This breach involves one individual who accessed electronic medical records for no apparent work-related reason,” hospital officials said in a news release. “The breach appears to be related to personal curiosity.”

All those who have been affected by the breach have been notified in writing, and a summary of the investigation has been given to Ontario’s Information and Privacy Commissioner. After GBHS determined there was a breach of privacy related to the employee, they contacted the Canadian Health Information Management Association, of which the employee was a member, said Mary Margaret Crapper, GBHS’s director of communications and public relations.

“The employee is no longer working at the organization,” Crapper told the Owen Sound Sun Times. She noted the employee worked in an administrative position at GBHS and not in a patient care area of the hospital.

“It is not a nurse or a doctor for example,” said Crapper. “It is someone whose job it is to enter information into the medical record once you see your physician in the hospital.

“Their full job is to enter data into electronic medical records to code them for Ministry of Health purposes or to record data.”

Crapper said GBHS does random audits of medical record access on a regular basis and they are confident that they did a very thorough investigation in relation to the breach.

“This situation did come to light last fall,” said Crapper. “The individual hasn’t been working with Grey Bruce Health Services since the fall.”

The organization works with all staff to ensure they know the importance of protecting health information and the consequences for breaches in confidentiality. Privacy training is conducted regularly, and all staff sign confidentiality agreements, the news release said.

“We sincerely regret that this has occurred, and we continue to take every opportunity to strengthen staff training an work processes to ensure patient privacy is protected,” the news release said.