Canadian Healthcare Technology Logo
  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us

GE Revolution Ascend

GE Revolution Ascend

Enovacom EPC

Enovacom EPC

Privacy & Security

Privacy commission flooded by breach reports

October 23, 2019


Scott SibbaldEDMONTON – Reports of privacy breaches in the healthcare sector have soared in Alberta since new provincial regulations requiring mandatory reporting were put in place, according to the Office of the Information and Privacy Commissioner (OIPC).

“[They’re] more common than I think anyone in the health sector would like to admit,” Scott Sibbald (pictured), spokesperson for the OIPC told CBC News.

It has been mandatory to report such breaches to the privacy commissioner since Aug. 31, 2018, when the Alberta government brought in changes to the Health Information Act, which governs all health regulated health professionals.

Prior to the change, the OIPC would receive about 130 voluntary breach reports a year from both inside and outside AHS. In the first year after the new regulations came into effect, it was inundated with more than 1,000 reports.

For example, the office announced in early October that a former Alberta Health Services (AHS) clerk was charged and subsequently fined $8,000 for the unauthorized accessing of health records of 81 people on 471 occasions at the Michener Centre in Red Deer.

The OIPC has also been notified about other recent breaches within AHS. They include the disappearance of an unencrypted hard drive containing the personal health information of 650 patients at the Mazankowski Alberta Heart Institute in August, and the inappropriate access of 2,158 electronic health records by Alberta Public Laboratories staff at the Red Deer Regional Hospital earlier this year.

Sibbald says prior to mandatory reporting, the office was investigating five or six offences at any given time. There are currently 20 open investigations, with more than 70 cases flagged as potential offences.

According to Sibbald, most of the cases relate to simple problems – often the result of human error – such as a misdirected fax or email.

But the office is also dealing with increasingly complex breaches relating to inappropriate patient file access.

“We are, of course, seeing more incidents that are a result of snooping. So that’s authorized users of health record systems looking into health information that they don’t need to for their job,” he said.

The influx of reports is putting a strain on OIPC staff. “Considering how resource intensive and time sensitive these types of investigations are to meet the threshold before the courts, it’s really flooding the office at this time,” Sibbald said.

During the first eight months after mandatory reporting came into effect, 40 to 45 percent of the breaches flagged to the privacy commissioner came from within AHS.

“We do take it very seriously,” said Todd Gilchrist, an AHS vice-president. “Unauthorized access is disappointing when it happens and is something that should not continue to happen.”

According to Gilchrist, AHS officials are working to crack down on these kinds of privacy violations and are taking steps to educate staff through several new programs, including:

  • A new privacy protection and information access policy (July 2018).
  • “Infocare,” which offers privacy and information security training to staff and provides “an easy way for the reporting of breaches and security incidents” (February 2019).
  • Mandatory privacy training modules (June 2019).

Gilchrist says there is no software system in place right now to actively monitor for unauthorized access of electronic health records. Instead, random audits are conducted manually after a problem is flagged.

But Gilchrist says plans are in place to improve that when the first wave of Connect Care, a central access point for patient information, starts rolling out next month.

According to Gilchrist, the electronic information system will have intelligent software in place that actively monitors for breaches.

“This new smart auditing tool will allow us to have more defined levels of security clearance but then also – when it comes to auditing – it will no longer be the manual process. And the intelligent software will always be working across the system, as opposed to just targeting in and looking at specific access.”

PreviousNext

SteraMist (Feb)

SteraMist (Feb)

News and Trends

  • Eastern Ontario hospitals up-and-running on Epic system
  • Osler’s iHuddle app facilitates team communication, collaboration
  • DI: How will radiology change five years from now?
  • Hospitals and imaging centres are grappling with DI backlogs
  • RACE streamlines patient journey
More from the Print Edition

Subscribe

Subscribe

Free of charge to Canadian hospital managers and executives in nursing homes and home-care organizations. Learn More

Follow us on Social Media!

Follow us on Social Media!

Nihi Data [Winter 2023]

Nihi Data [Winter 2023]

WP

WP

Advertise with us

Advertise with us

Sectra One Cloud

Sectra One Cloud

Change Healthcare [2]

Change Healthcare [2]

Infoway [Feb2023]

Infoway [Feb2023]

Zebra

Zebra

CHT print-200×400

CHT print-200x400

SteraMist (Feb)

SteraMist (Feb)

Advertise with us

Advertise with us

Sectra One Cloud

Sectra One Cloud

Change Healthcare [2]

Change Healthcare [2]

Infoway [Feb2023]

Infoway [Feb2023]

Zebra

Zebra

CHT print-200×400

CHT print-200x400

Contact Us

Canadian Healthcare Technology
1118 Centre Street, Suite 207
Thornhill, Ontario, Canada L4J 7R9
Tel: 905-709-2330
Fax: 905-709-2258
info2@canhealth.com

  • Quick Links
    • Current Print Issue
    • Print Archive
    • Events
    • Vendors
    • About Us
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Resources
    • White Papers
    • Writers’ Guidelines
    • Privacy Policy
  • Topics
    • Administrative Solutions
    • Clinical Solutions
    • Companies
    • Continuing Care
    • Diagnostics
    • Education & Training
  •  
    • Electronic Records
    • Government & Policy
    • Infrastructure
    • Innovation
    • People
    • Privacy and Security

© 2023 Canadian Healthcare Technology

The content of Canadian Healthcare Technology is subject to copyright. Reproduction in whole or in part without prior written permission is strictly prohibited. Send all requests for permission to Jerry Zeidenberg, Publisher.

Search Site

Error: Enter a search term

  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us