Thursday, September 8, 2011

Nurse Violates Privacy of 5,800 Patients Over 6 Years

What is the right frequency for patient data privacy audits?

A nurse was fired for 5,800 violations of patient data privacy dating as far back as 2004. The nurse's snooping was discovered in 2011 by a privacy audit at the hospital where she worked in North Bay, Ontario.

The nurse looked at visit histories, prescribed drugs, lab results, and other information a nurse typically uses to perform her job. But the nurse was not part of the "circle of care" for these patients, and therefore had no legitimate reason to access the medical records.
"This person was looking at information out of curiosity." - Marc Bouchard, hospital CIO and Chief Privacy Officer
Once the massive privacy breach was discovered the nurse was interviewed. She is said to have admitted she had no legitimate reason to be looking at the records. Afterwards she was dismissed.

Further investigation lead the hospital to believe that the information inappropriately accessed by this employee was not released to other staff or beyond the hospital and that patient care was never negatively affected.
"It is the health centre’s goal to ensure that necessary health information is readily available to appropriate caregivers to ensure patient safety and quality of care, but that it is not disclosed beyond the circle of care‐givers.." - Pat Stephens, hospital spokesperson
As required by the Personal Health Information Protection Act, the hospital has contacted each affected patient to inform them of the breach of their personal health information as well as reporting the inciden to the Information and Privacy Commission of Ontario. In addition the hospital plans to implement more rigorous audits to detect attempts to inappropriately access health care information.

While that situatoin is, hopefully, an extreme example, it raises the question of how frequently patient data privacy audits should be performed. Not how often your current resources allow you to perform audits, but if you could magically receive an audit of suspicious access to patient data across all patients what would be your prefered frequency?

Your thoughts? Feel free to post your comments anonymously.
Download a white paper on patient privacy audits as an automated service. Learn about a service that proactively identifies unauthorized breaches of patient privacy, even by nurses, doctors, and other authorized users - with no hardware and no on-site software.
(a) Breach of Privacy Occurs at North Bay Regional Health Centre Affecting 5,800 Patients - North Bay Regional Health Centre, September 6, 2011
(b) Nurse fired after breach of privacy at hospital, 5,800 patients affected - The Nugget, September 6, 2011

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at