Canadian Healthcare Technology Logo
  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us

GE Revolution Ascend

GE Revolution Ascend

Enovacom EPC

Enovacom EPC

Privacy & Security

Six provinces don’t require patients to be notified of breaches

October 5, 2016


catherine-tullyTORONTO – A CBC News investigation found six provinces, which have a combined population of about 20 million, have no legislation in place requiring hospitals, doctors and other healthcare providers notify patients of a breach of their medical files.

B.C., Alberta, Saskatchewan, Manitoba, Quebec and P.E.I. don’t have legislation that requires healthcare providers to notify patients of a breach.

In the jurisdictions that do have some form of notification requirement, the legislation often has a minimum harm threshold. In Yukon, for example, the bar for notification is “risk of significant harm as a result of the security breach.”

Ottawa-based lawyer Michael Crystal says notification is essential “if you are to have a confident patient-hospital or patient-medical health professional relationship.” Crystal is currently involved in five class action lawsuits involving thousands of patient records and says personal health information breaches are becoming more prevalent.

He says class action lawsuits are an important deterrent, but there’s also room for privacy commissioners and prosecutors to take action.

“The prosecutions will play significant roles, because what really needs to change is the behaviour and the perception by hospitals as to the priority which personal health information ought to receive.”

The legislative landscape across the country is uneven.

The information CBC News gathered from privacy watchdogs and health authorities from across the country suggests there were more than 1,300 breach reports in 2015, compared to 922 in 2014.

The numbers include provinces where custodians of health information don’t have to report breaches to their respective privacy watchdogs.

These provinces include B.C., Alberta, Saskatchewan, Manitoba, Ontario, Quebec and P.E.I., although Ontario, Alberta and P.E.I. have passed legislation that, once implemented, will make it a requirement.

Catherine Tully (pictured), Nova Scotia’s information and privacy commissioner, says if you look at jurisdictions where prosecutions have occurred under privacy law, “it’s almost always the privacy commissioner who raises the issue with Crown or police based on serious breach notifications.”

Nova Scotia’s law requires notifying the actual victims of serious breaches, but health officials are only required to report minor breaches to Tully.

“So without this information, I’m not able to assist the Crown and police in prosecuting serious breaches,” she says.

Brian Beamish, Ontario’s information and privacy commissioner, says his preference wouldn’t be to refer breach cases to the attorney general for prosecution.

He’s been in the role since 2014, and says prosecution is a tool that should be used selectively. He says losing one’s job and the bad publicity that can come along with violating privacy is punishment enough in some cases.

Nonetheless, he’s referred five cases for prosecution since 2015. Three of those resulted in convictions for snooping.

Those numbers exceed what other jurisdictions reported to CBC News, with the exception of Alberta where the privacy commissioner has referred six cases since 2011 resulting in four convictions.

Willa Magee of Shelburne, N.S., knows how it feels to have someone sneak through her private health information.

“I think it’s very personal. Even if you don’t have some terrible illness, it’s just personal,” she says. “You go to a health practitioner thinking that what you say to them is going to be held in confidence one way or another.”

Magee is retired and moved east from Montreal in the 1990s. In the spring of 2012, she received a letter from the South West Nova District Health Authority informing her that she was among 707 patients whose privacy had been breached.

A breach can be anything from someone accidentally sending records to the wrong destination to someone stealing health information and selling it.

In Magee’s case, it was “snooping,” as a clerk inappropriately accessed her medical records.

“I was pretty angry, to tell you the truth. First of all because I didn’t know how badly they’d been breached or if … any of the records had been changed or what it all meant,” Magee says.

But Magee actually has some cause for relief in an otherwise unfortunate situation. She lives in a province where hospitals are required to notify individuals of serious breaches. Otherwise, she might never have known.

The clerk who snooped through Willa Magee’s file was fired, and Magee is now part of a class action lawsuit against the health authority set to go to trial in June 2017.

She wants tough penalties for those who break the bond of trust between patient and healthcare provider. “It’s only the people whose records have been breached, whose privacy’s been breached, that are still in the dark and out in the cold.”

PreviousNext

SteraMist (Feb)

SteraMist (Feb)

News and Trends

  • RACE streamlines patient journey
  • Healthcare supply chain needs a re-think, observers say
  • EDI spots pricing anomalies in Ontario’s healthcare supply chain
  • AI centres of excellence and companies collaborate on apps
  • Talking Stick: New hope for Indigenous mental healthcare
More from the Print Edition

Subscribe

Subscribe

Free of charge to Canadian hospital managers and executives in nursing homes and home-care organizations. Learn More

Follow us on Social Media!

Follow us on Social Media!

Nihi Data [Winter 2023]

Nihi Data [Winter 2023]

WP

WP

Advertise with us

Advertise with us

Sectra One Cloud

Sectra One Cloud

Change Healthcare [2]

Change Healthcare [2]

Infoway [Feb2023]

Infoway [Feb2023]

Zebra

Zebra

CHT print-200×400

CHT print-200x400

SteraMist (Feb)

SteraMist (Feb)

Advertise with us

Advertise with us

Sectra One Cloud

Sectra One Cloud

Change Healthcare [2]

Change Healthcare [2]

Infoway [Feb2023]

Infoway [Feb2023]

Zebra

Zebra

CHT print-200×400

CHT print-200x400

Contact Us

Canadian Healthcare Technology
1118 Centre Street, Suite 207
Thornhill, Ontario, Canada L4J 7R9
Tel: 905-709-2330
Fax: 905-709-2258
info2@canhealth.com

  • Quick Links
    • Current Print Issue
    • Print Archive
    • Events
    • Vendors
    • About Us
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Resources
    • White Papers
    • Writers’ Guidelines
    • Privacy Policy
  • Topics
    • Administrative Solutions
    • Clinical Solutions
    • Companies
    • Continuing Care
    • Diagnostics
    • Education & Training
  •  
    • Electronic Records
    • Government & Policy
    • Infrastructure
    • Innovation
    • People
    • Privacy and Security

© 2023 Canadian Healthcare Technology

The content of Canadian Healthcare Technology is subject to copyright. Reproduction in whole or in part without prior written permission is strictly prohibited. Send all requests for permission to Jerry Zeidenberg, Publisher.

Search Site

Error: Enter a search term

  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us