In October 2018, an investigation by the Office of the Information and Privacy Commissioner (OIPC) found that a former employee of Alberta Health Services (AHS) had improperly accessed and used health information in violation of the Health Information Act (HIA). In addition, the investigation determined that AHS failed to ensure the employee was aware of and adhered to safeguards to protect health information.
The inappropriate accesses were discovered in 2016 following an audit of the employee’s accesses in Alberta Netcare and the Netcare Person Directory. The employee had improperly accessed and viewed health information of more than 1,300 individuals from 2004 to 2015.
Given the number of people affected in this case, the number of complaints submitted to the OIPC and media coverage of the matter, Commissioner Jill Clayton opened an investigation to review whether the employee’s accesses complied with the HIA and whether AHS took reasonable steps to safeguard health information.
The focus of the investigation shifted from the employee to AHS’ responsibility to implement safeguards. The final report highlights the potential consequences for failing to implement and maintain reasonable safeguards to protect health information.
On August 31, 2018, amendments to the HIA came into force that introduce a fine of not less than $200,000 for a person who fails to take reasonable steps to maintain safeguards to protect against potential threats to the security of health information.
Corridor’s Alberta-focused Privacy Awareness in Health Care online training can help ensure your health care staff – doctors, nurses, assistants and support staff – are all clear on how to protect a patient’s personal health information, and when and how their information may be accessed.
Not in Alberta? Corridor offers privacy training programs for health care organizations in other provinces, too.
Contact us for more information and how we can help.