Eastern Health advised today that it has experienced an accidental breach of privacy of 63 of its clients. The accidental breach occurred when the briefcase of an employee was stolen from a vehicle while left unattended for approximately 10 minutes on the evening of April 17, 2013. The briefcase contained one client chart and a notebook with limited personal health information of 62 other clients. The briefcase has not been recovered at this time.
“I regret that this incident had occurred, and I apologize to all of the patients whose privacy has been accidentally breached,” said Vickie Kaminski, President and CEO of Eastern Health. “We continue to hold zero tolerance for any wilful privacy breach that occur in our organization, and will make every effort to learn from this accidental privacy breach in efforts to further strengthen our privacy and confidentiality practices.”
Eastern Health has identified all the patients who have been impacted by the accidental privacy breach, and has contacted the majority of those impacted as of Thursday, April 25, 2013. The Office of the Information and Privacy Commissioner has also been notified of the accidental privacy breach due to theft.
There are incidences when it is appropriate for employees of Eastern Health to have personal health information outside of its facilities, such as during the provision of care and service delivery. Eastern Health has policies in place to help guide the security of personal health information while it is in use on its property, and when employees are off-site or in-transit.
This incident is the second accidental breach of personal health information that Eastern Health has experienced last week. On April 16, 2013, a briefcase was stolen from another employee’s vehicle and the briefcase contained information on two patients. The briefcase has since been recovered and the patient information remained intact.
The two patients were advised of the incident.
As a result of this accidental privacy breach due to theft, Eastern Health has communicated to its managers to remind staff of their duty and the importance of securing patient information at all given times.
Eastern Health states that there is limited additional information it can provide regarding the accidental breach of privacy, since the client group is defined and that any further information could potentially identify the client group that has been impacted.
As a routine practice, Eastern Health reports any material breaches of patient privacy, whether accidental or willful, to the Office of the Information and Privacy Commissioner.
It is Eastern Health’s top priority to protect the privacy and confidentiality of individuals’ personal health information, and it holds its responsibility to the public and as a custodian of personal health information in the highest regard.
SOURCE: Eastern Health Authority