CBC News reports:
Newfoundland and Labrador’s privacy commissioner says a registered massage therapist breached the Personal Health Information Act by failing to properly safeguard a patient’s file.
Commissioner Ed Ring says the therapist lost a file containing the personal health information of the complainant, a patient.
The commissioner recommended that the massage therapist, and other people who have access to health information, should take steps to learn the act and ensure they are following it.
Read more from CBC, but I doubt anyone really needs to read the act to know that you’re not supposed to lose patient files.
You can read the commissioner’s report here. In this case, the Custodian of the file did not have policies in place, and then, to make matters worse (from my perspective), ignored contacts from the Commissioner’s office:
On July 25, 2011 this Office wrote to the Custodian and formally advised her of the complaint. An investigator from this Office spoke with the Custodian briefly by telephone and explained the investigative process. On August 25, 2011, another letter was sent to the Custodian requesting information with respect to the Custodian’s information handling and storage practices and any policies and procedures relating to information management. Unfortunately, there was no response to the second letter, despite several unsuccessful attempts to contact the Custodian by telephone and letters sent (by courier) in November 2011 and January 2012. Finally, in early February 2012, this Office prepared and served a Summons to Witness on the Custodian and on February 13, 2012, the Custodian attended at our Office and provided the information necessary for us to proceed with our investigation and Review.
Under the circumstances, I think the Commissioner was being kind in not naming the therapist, but the word does need to get out that therapists need to comply with PHIA and that they need to cooperate with any investigations.