DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Employee in Prince Albert snooped into ex-husband’s, daughter’s medical files

Posted on April 13, 2016 by Dissent

CBC reports:

Snooping into someone’s medical data is a breach of privacy rules, but secretly conducting urine tests is not, Saskatchewan’s privacy and information commissioner says.

A Saskatchewan man complained to the privacy commissioner last year that his ex-wife poked into health information and performed urine tests at a hospital in the Prince Albert area when it wasn’t her job.

It was alleged that the ex-wife —  a combined laboratory and x-ray technologist in the Prince Albert Parkland Health Region — snooped into the records of the ex-husband and their daughter and also tested the daughter’s urine.

However, with respect to the urine, there were no records created, nor data entered into the health region’s computer system, so it’s not a privacy issue, commissioner Ron Kruzeniski ruled April 5.

For that reason, Kruzeniski said the urine case is a worker conduct or misconduct issue.

Read more on CBC.ca.

Does the mother have physical and legal custody of the child? The privacy issue should not rest solely on whether any records were created or entered into the health computer system, but whether the mother had the right to test her daughter’s urine at all or if the father’s consent was required, too, etc.

Update: Okay, I found the Commissioner’s report on the complaint, which explains that the mother ran a (disposable) chem strip on the urine sample. This paragraph explains why it was not a privacy breach under HIPA:

Based on what has been provided by PAPRHA, it does not appear that PAPRHA has custody or control of any personal health information involving the Complainant’s daughter as it relates to the urine samples or the results of testing them. Therefore, HIPA would not apply. The collection and testing of the daughter’s urine samples without a physician’s order is a matter of professional conduct (or misconduct) and not a privacy matter under HIPA. My office has no jurisdiction over matters of professional conduct. Therefore, this Investigation Report will only address the first issue.

Category: Health DataInsiderNon-U.S.

Post navigation

← Another Greenshades client reports tax filing problems
Journalist gets two years in prison for hacking L.A.Times computers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters
  • Dutch police identify users on Cracked.io
  • Help, please: Seeking copies of the PowerSchool ransom email(s)
  • RCMP thumb drive with informant, witness data obtained by criminals: watchdog

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Meta AI app is a privacy disaster – TechCrunch
  • Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
  • Norwegian Data Protection Authority’s findings on tracking pixels: 6 cases
  • Multiple States Enact Genetic Privacy Legislation in a Busy Start to 2025
  • Rules Proposed Under New Jersey Data Privacy Act
  • Using facial recognition? Three recent articles of interest.
  • India publishes consent management rules under Digital Personal Data Protection Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.