From the Winnipeg Health Region, this press statement:
Proactive audit identifies patient information accessed inappropriately
A proactive audit by the Winnipeg Regional Health Authority (WRHA) has identified the personal health information of at least 56 individuals was inappropriately accessed by an employee who at the time was working within the Region.
Following an investigation of the audit results by WRHA privacy staff, it was determined a pharmacist located at the Grace Hospital had a history of accessing and reviewing health records of patients to whom this individual was not providing care. As a result, the employee is no longer working with the WRHA.
“Accessing, reviewing, or browsing through patient records out of curiosity is not permitted,” said Mr. Real Cloutier, Vice-President and Chief Operating Officer of the WRHA. “We take patient privacy and our role in safeguarding personal health information very seriously, and we appreciate how upsetting this can be for patients. I am reassured, however, that the security and auditing procedures we have in place successfully identified this unauthorized activity so it could be stopped.”
The patients identified as having their personal health information inappropriately accessed have been notified. The Manitoba Ombudsman has also been notified of the privacy breach as has the respective professional body responsible for licensure.
The system used to access patient information in this case was eChart Manitoba. EChart is a secure electronic system that allows authorized health care providers access to patients’ health information when it is required by doctors, nurses, radiologists, and other staff to provide care to patients. Accessing and reviewing a patient’s information is only permitted by health care providers when they require that information in order to deliver care to that patient. The eChart system maintains a record of all user activity allowing for routine, as well as focused, audits to ensure patient information is not being inappropriately accessed.
Records in eChart include identifying information like name and address, as well health information such as filled drug prescriptions, lab results, immunizations, and x-ray reports.
“Access to electronic health information has been proven to improve patient care by providing ready access to up to date health information to healthcare teams, and eChart continues to be a valuable system that has helped improve the efficiency and quality of patient care,” said Mr. Cloutier. “Equally important, however, is it has enabled us to better identify and address instances where patient information was accessed inappropriately. In the past, our ability to do this was much more limited.”
Unauthorized use or disclosure of confidential patient information may result in a disciplinary response up to and including termination of employment, association, or appointment. In addition, individuals charged and convicted of an offence under The Personal Health Information Act may be required by the Court to pay a fine of up to $50,000.
Additional information about the WRHA’s access and privacy policies can be found on-line at wrha.mb.ca/privacy. Further information about eChart Manitoba can be found online at echartmanitoba.ca.
Updated May 1: 1,756 patients were affected (h/t, @fanCRTCProfling).