David Giles reports that Ronald Kruzeniski, Saskatchewan’s information and privacy commissioner (IPC) and the Saskatoon Health Region Authority (SHRA) are at odds over whether disciplinary action taken against a snooping employee should be disclosed.
The dispute arose in the context of an employee who snooped on her own records and five others’ records without a need-to-know.
In the wake of the breach, the IPC had made a number of recommendations to SHRA, which Giles summarizes as:
- Suspend employees who have snooped. The length of the suspension should be dependent upon the seriousness and frequency of the snooping;
- Monitor employees who have snooped for a period of years instead of months;
- Work with eHealth Saskatchewan (eHealth) so that eHealth can audit and monitor the snooper for any electronic system eHealth is a trustee for;
- Terminate employees who have snooped intentionally and maliciously;
- Report the snooping to the professional regulatory body to whom the employee/practitioner may belong once the snooping has been investigated and substantiated;
- Disclose the details of the disciplinary action taken against the employee to the affected individual(s) and to all regional health authority employees and practitioners
Where the sides disagree is on point 6, Giles reports.
Read more about the disagreement on Global News.