Anatomy of a Privacy Breach in Health Care

June 15, 2021

This article is part 2 of our 3-part Privacy Training Series: Financial Impacts & Consequences of a Privacy Breach.

It doesn’t take significant effort with Google to discover multiple stories about privacy breaches in Canadian healthcare settings over the past year. These stories have consistent plot lines, with egregious privacy breaches being committed by employees, typically for personal reasons and with strong enforcement outcomes.

These privacy breach stories normally contain detail about the incidents, the health care facility, and the names of the individuals who committed the breaches (intentional or not), all in the public record. Employers’ names and practices are also highly publicized. Many of these stories gain broader publicity than a disciplinary tribunal hearing by regularly appearing in industry publications. Of course, the juicier or higher-profile cases always end up on the evening news. It goes without saying that this is not how healthcare practitioners want to gain publicity for their organization.

Intentional and Unintentional

What do many of these breaches look like? The two most common circumstances for privacy breaches are intentional and unintentional. 

The intentional breach frequently involves an employee improperly accessing multiple patient healthcare records over a period of time. The breach is commonly discovered by one of three methods:

  • Most frequent is through an accidental disclosure of information that triggers someone to question why that employee was accessing the information.
  • Second most common is the breach victim becoming suspicious and requesting a log of who has accessed their information.
  • The third most common method is periodic audits of information access.

Whichever way the breach is discovered, in a digital world the trail of evidence is easy to follow.

The unintentional breach that normally stems from poor privacy procedures and practices is often more egregious, as the information is frequently lost into the public domain. There are unknown consequences to those whose privacy has been affected and no way to fully retrieve the information. For example, consider electronic devices with privacy information improperly stored on them that become lost or stolen – either way, there are equal chances of the privacy breach ending up as tomorrow’s headlines.

A look at privacy breaches in Canada over the last few years shows that all levels of employees were involved. Breaches are committed by staff ranging from billing clerks all the way to the top levels of the medical profession. It is important to note again that not all breaches are intentional.

Malicious Breaches Pose a Growing Threat; Accidental Breaches Still Common

This is where things get strange! The majority of breaches are not committed for financial gain. A survey of recent cases reveals motivations more related to human emotions and frailty. 

  • Snooping or malicious breaches lead the list: people commit them to learn information about family members or friends.
  • Next up is influencing an outcome of a situation by gaining an informational edge with personal knowledge of the people involved.
  • In the third spot is revenge, using healthcare information to do potential harm to another person.
  • Inadvertent breaches from human error and system glitches are still too common.

Consequences

Penalties for breaches continue to be severe, as governing bodies take privacy very seriously. The wide range of sanctions frequently given includes hefty monetary fines, professional reprimands, work discipline actions including suspensions, the removal of future privileges to access health information systems, and loss of employment. For the health practices, there is significant reputational damage plus additional costs that will be discussed in our next blog.

Privacy Best Practices Start with Education & Annual Training

Since privacy breaches start with people, it is important to identify ways to improve your privacy best practices before your office becomes tomorrow’s headlines. The best medicine, as mandated by many governing tribunals, starts with education and annual privacy training. Efficient online training, where progress is tracked and audited and refresher courses are frequent, has been proven to work. A proactive training strategy keeps employees up-to-date on privacy obligations and reminds them of the serious consequences a privacy breach brings. The cost to employers and employees of proper education is substantially less than the alternative!
