The Regina Leader-Post staff reports the follow-up on a Saskatchewan breach reported previously on this blog:
The doctor who was responsible for patient files found in a Regina recycling bin last March will not be charged.
The provincial Information and Privacy Commissioner Gary Dickson conducted a four-month investigation last year and recommended that the Minister of Justice consider prosecuting Dr. Teik Im Ooi under the Health Information Protection Act (HIPA).
The government had the commissioner’s recommendation reviewed by the Public Prosecutions Division and then by a private law firm to determine if charges were warranted under HIPA.
Both reviews concluded there wasn’t enough evidence to pursue charges, saying the prosecution wouldn’t be able to prove Ooi knew her safeguards were insufficient to prevent the incident.
Read more on the StarPhoenix.
I don’t know what, if anything, the Saskatchewan College of Physicians did, as they did not provide a comment.
Patrick Book of CJME adds:
Justice Minister Gord Wyant admitted the law needs to be looked at.
“There’s a flaw in the legislation,” he admitted in an interview with reporters at the Legislature Friday morning. “Perhaps we need to talk about issues of chain of custody, those kind of things. Lowering the threshold to ensure that if this does happen again we would have the grounds to be able to pursue a prosecution.”
He said the province intends to put together a working group to investigate what appropriate changes to the legislation could be.
Privacy Commissioner Gary Dickson is hopeful that process proves fruitful. He noted that no one has ever been charged for breaches, even though they happen fairly regularly. That’s because the law dictates the government would have to be able to prove that a doctor, who is charged with caring for the files, is aware of or involved in the improper disposal of records.
If that’s the case, yes, they need to lower the standard as the doctor is ultimately responsible as custodian of a patient’s records. There will be times when they do not know what an employee has done or when an employee violates privacy by discarding of records improperly, but the law should allow someone to be held responsible or liable.