Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, is investigating a privacy breach involving the personal health information of 6,490 Ontarians involved in a Cancer Care Ontario (CCO) screening program.
CCO announced that the delivery of 15 Screening Activity Reports related to its ColonCancerCheck program cannot be confirmed. The delivery status of an additional 11 reports is still under investigation (containing the personal health information of a possible additional 5,440 Ontarians). The reports were sent to primary care physicians across the province in February and March 2011, via Canada Post’sXpresspost courier service.
The Commissioner’s office was first advised of the loss on June 27, at which stage it commenced an investigation and began advising CCO on the steps it should take to address the loss and minimize impact on Ontarians involved. This included actual site visits to physicians’ clinics to search for the lost reports.
“Medical test results rank among the most sensitive personal information about an individual,” said Commissioner Cavoukian. “I am astounded that such a loss could take place. The first step is to minimize any harm by locating as many of these reports as possible. As part of our investigation, we will be looking at steps that can be taken to ensure that this type of breach doesn’t happen again.”
People whose health information is in the reports for which delivery cannot be confirmed will be notified via letter by CCO or their primary care physician during the next few weeks, and anyone with questions can contact the ColonCancerCheck Contact Centre at 1-866-662-9233 or visit www.cancercare.on.ca.
Ontarians directly affected by this breach may also make a complaint to the office of the Information and Privacy Commissioner of Ontario. To do so, please call 416-326-3900 or 1-855-545-8989, or e-mail[email protected].
The Information and Privacy Commissioner is appointed by and reports to the Ontario Legislative Assembly, and is independent of the government of the day. The Commissioner’s mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information custodians, in addition to educating the public about access and privacy issues. For more, seewww.ipc.on.ca
News release via CNW