Privacy & Security
Snooping of health records uncovered in Nova Scotia
July 19, 2017
HALIFAX – The Nova Scotia Health Authority has been contacting 337 people after six employees looked up the personal health information of patients. It was found that the information wasn’t needed for the work being done by the staff members.
The breaches were discovered in two separate investigations, said Colin Stevenson, the health authority’s vice-president of quality, system performance and transformation. “People were deliberately looking up other information or records, and that really is when we get into … a notifiable breach of confidentiality,” said Stevenson.
The first investigation was launched after a patient filed a complaint in July 2016. The health authority subsequently found three staff members inappropriately accessed the records of 244 people.
That investigation ended in January but the health authority said it took several months to identify the affected patients.
Stevenson said the remaining breaches were discovered after a manager spotted suspicious activities, also in January of this year. The health authority conducted audits and found three other employees had accessed 93 files.
All the cases involve electronic medical records.
Stevenson couldn’t say what type of information staff looked up except that it was “beyond what it necessary for them to perform their work.”
“Based on the investigation, it doesn’t appear any of the information that was accessed was shared outside of the organization or with others. However, any breach for us is significant,” he said.
The health authority reported both cases to the province’s information and privacy commissioner, he said.
Stevenson said disciplinary actions are taken when staff don’t follow policies and violate a patient’s privacy. He said he couldn’t specify what happened in these cases or if the people involved are still employees.