Tuesday, March 22, 2011

Medical technician snoops on the electronic personal health information (ePHI) of her ex-husband's girlfriend

Information and Privacy Commissioner Ann Cavoukian ordered a Hospital in Ottawa to tighten rules on electronic personal health information (ePHI) due to the hospital's failure to comply with the Personal Health Information Protection Act (PHIPA).
"The actions taken to prevent the unauthorized use and disclosure by employees in this hospital have not been effective." - Information and Privacy Commissioner Ann Cavoukian
The problem began when one of the hospital's diagnostic imaging technologists accessed the medical records of her ex-husband's girlfriend. At the time of the snooping, the girlfriend was at the hospital being treated for a miscarriage.
Download a white paper on patient privacy breach detection as a service. Learn how a service can cost effectively address PHIPA - with no hardware and no on-site software.
Commissioner Cavoukian faulted the hospital for:
  • Failing to inform the victim of any disciplinary action against the perpetrator.
  • Not reporting the breach to the appropriate professional regulatory college.
  • Not following up with an investigation to determine if policy changes were required.
"The aggrieved individual has the right to a complete accounting of what has occurred. In many cases, the aggrieved parties will not find closure ... unless all the details of the investigation have been disclosed." - Information and Privacy Commissioner Ann Cavoukian
It was not the hospital but the victim who instigated an investigation. The hospital determined that the diagnostic imaging technologists had accessed the victim's medical files six times over 10 months.
The information inapprorpriately accessed included "doctors' and nurses' notes and reports, diagnostic imaging, laboratory results, the health number of the complainant, contact details ... and scheduled medical appointments." - Information and Privacy Commissioner Report
Sources:
(a) Privacy czar orders Ottawa Hospital to tighten rules on personal information (Now behind paywall) - Ottawa Citizen, January, 2011
(a) Victim of privacy breach wants hospital to explain - phiprivacy.net November, 2010

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.