Health PEI notifies public of health records breach

CHARLOTTETOWN – Health PEI is notifying the public of a recent privacy breach as the result of a stolen laptop. In early April, an employee’s laptop was stolen, containing information about more than 4,000 patients and more than 1,200 Health PEI employees. The laptop theft was reported to police the following day.

The laptop was password protected and information technology staff took steps to secure the information as soon as possible, including resetting the password. The likelihood of anyone being able to access the information is believed to be low.

The majority of the information was about the patients’ visits to PEI emergency departments between the dates of September 1, 2021 and October 13, 2021, including the reason for the visit, the diagnosis and the name of the treating physician. Names, dates of birth, health card numbers, gender and postal code were included.

A small amount of information (less than 30 patients) was in relation to individuals who were in hospital awaiting long term care. It included demographic information, including the patients’ name and health card number and information about their admission to the hospital, including the unit where they were a patient, how long they were admitted to the hospital and the fact that they had been medically discharged.

Personal information belonging to more than 1,200 Health PEI long-term care staff was also on the laptop, including names, positions, hours worked and rate of pay. No banking for financial information was in the files.

Health PEI has sent letters to all those whose information may have been breached. The type of information contained in the files is not considered a risk for identity theft.

“On behalf of Health PEI, I sincerely apologize to the patients and staff who have been affected by this breach. Patient information is incredibly sensitive, and Health PEI takes the protection of personal health information seriously,” said Dr. Michael Gardam (pictured), Health PEI CEO. “Health PEI is conducting a full review of this situation to ensure any gaps in our protocols are discovered so we can make any changes to improve the security of patient information moving forward.”

Dr. Gardam also offered an apology to staff who were impacted.

“Employees have an expectation and right to privacy with regard to their personal information. This breach affected a large number of our long-term care staff who have gone above and beyond at all times and especially during the COVID-19 pandemic. On behalf of Health PEI, I am sorry that this happened.”

The Information and Privacy Commissioner has been notified of the incident and will conduct a review of the Health PEI privacy breach investigation.