After hospitalization for an auto accident the nurse requested an accounting of who had accessed her electronic health record(EHR). This is how she discovered that this doctor, who was not involved in her care, had accessed her medical records. The regional privacy commissioner investigated and confirmed the doctor had breached her privacy.
"Patient trust is at stake if employee/practitioner snooping is allowed to persist." - Privacy CommissionerIn addition to the reprimand the privacy commissioner has urged healthcare organizations make a greater effort to address privacy complaints. They noted that patient trust was at stake if employee/practitioner snooping is allowed to persist.
If the nurse had not requested an accounting of disclosures the privacy breach may never have been discovered. Healthcare organizations seeking to proactively detect privacy breaches, as well as easily provide accounting of disclosures, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Saskatchewan employee snooping case: do two privacy wrongs make a right? - www.Lexology.com, 01/12/2015