CBC News in Canada reports:
Inappropriate access to medical records has meant a breach of privacy for 277 patients in the Cape Breton District Health Authority.
Researchers viewed patient names, addresses and two lab test results before physicians had asked their patients for their consent to participate in an approved research study.
The study would have looked at the effectiveness of a new type of drug for the treatment of diabetes.
[…]
Any information obtained by the researchers was returned to the district, according to the release.
A letter explaining the issue has been sent to the individual patients.
“We are confident that the information in this situation was not shared. However, our district will no longer be taking part in this particular research study,” said Malcom.
Read more on CBC.ca or see the health district authority’s press release, which is linked from their home page.
Wow. That’s a pretty severe consequence for a breach that was likely just a screw-up on the researchers’ part. Certainly all researchers know they need consent. So how did the researchers even get access to the patient data without the necessary paperwork in place? Although the researchers are being penalized, it seems, did someone at the health authority also goof?