Staffer snooped at health records of 40 patients for no reason
By Bruce Corcoran
A Chatham-Kent Health Alliance (CKHA) employee went snooping into the health records of 40 patients in recent months; they are no longer with the organization.
Justin Turkington, director of human resources and occupational health and safety for the alliance, said the information breach took place over a matter of months – from March to May.
“This is a privacy breach. It has been reported to the Privacy Commissioner,” Lori Marshall, president and CEO for the CKHA, said. “We’re notifying each of those 40 patients or their substitute decision-makers, if that is more appropriate.”
None of the information was copied or printed, Marshall said.
She added the breach was initially identified in May through a routine system audit. Further investigation led alliance officials to uncover the full scope of the breaches dating back to March.
“We went back to all of those accesses and identified 40 individuals,” Marshall said.
She declined to identify so much as the gender of the former employee, and would not say if the person had resigned or been terminated.
“We have certainly reported this to the employee’s professional college,” she said, but declined to say in which profession the employee worked.
Marshall did admit it was not a physician, as the doctors are technically not employed by the CKHA
“But there are multiple professions that have a professional college,” she said.
The former employee accessed patient hospital charts, Marshall said, adding there was nothing in common between the patients that hospital officials could determine.
Officials considered this a situation of “random snooping due to curiosity” according to a CKHA press release.
Marshall said breaches of patient records are a rare occurrence, about once a year on average. Due to the size of this breach, alliance officials opted to make the breach public.
An overhaul of the hospital’s information system in the fall will make it more difficult for such breaches to occur, she added.
“One of the things that will be happening in November is we will be implementing a new information system. Our current system is quite archaic and really is in need of replacement,” she said, adding plans for the system replacement were in the works prior to the breach. “The new system will have much greater auditing capabilities. It will be easier for us to track the electronic records if someone accesses if they were not authorized to do so.”
When employees join the CKHA, Marshall said they are required to sign confidentiality agreements and complete mandatory privacy electronic learning, which is refreshed on an annual basis.
“CKHA is committed to patient centred care and preserving patients’ trust in the care they are receiving and the staff providing that care,” Marshall said. “We regret that this privacy breach happened.”
