It happened again. Chatham-Kent Health Alliance (CKHA) officials report a large-scale breach of health records, and they say two staffers were responsible.
The two people, already terminated by the alliance, went snooping into the health records of about 120 patients.
It has happened before. That last large-scale privacy breach took place almost two years ago, in May of 2020, when one employee accessed the records of 40 patients.
That person was also terminated.
This time around, the breach was discovered during a recent routine audit of patient electronic health records. Alliance officials discovered that the two employees accessed a number of health records without an apparent valid reason to do so.
CKHA immediately launched an investigation that revealed the employees accessed the records of the 120 patients. Based on the result of the investigation and given the lack of pattern to the inappropriate accesses, it was determined these are cases of random snooping due to curiosity, officials said.
CKHA can also confirm that the employees did not copy or print the health records that were inappropriately accessed.
“CKHA is committed to patient-centred care and preserving patients’ trust in the care they are receiving and the staff providing that care,” said Lori Marshall, president and CEO, CKHA, in a media release. “We regret that these privacy breaches happened. We will continue the routine auditing of patient electronic health records.”
CKHA has reported these privacy breaches to the Information and Privacy Commissioner of Ontario (IPC). Administrators have notified individuals affected via mail.
The 2020 incident was also reported to the privacy commissioner. All 40 patients were also notified of the breach.
That time around, the then-employee accessed patient hospital charts, Marshall said, adding there was nothing in common between the patients that hospital officials could determine.
CKHA administration implemented a new information system later that year.
Marshall said CKHA provides staff education with annual privacy training in addition to annual Hospital Information System (Cerner) training. The hospital will be also be implementing further privacy education through its internal communication tools.