Eastern Health Authority in Newfoundland has reported a second breach in three months. This one involves the theft of a physician’s briefcase.
Their statement:
June 8, 2016 – St. John’s, NL: Eastern Health advised today that it has experienced an accidental breach of privacy of 34 of its patients. The accidental breach occurred when a physician’s car containing a briefcase with patient files was stolen on the evening of June 5, 2016. The briefcase and 29 patient files have been recovered at this time; five patient files remain missing.
“I regret that this incident occurred, and I apologize to all of the patients whose privacy has been accidentally breached,” said David Diamond, President and CEO of Eastern Health. “We will make every effort to learn from this accidental privacy breach as we continue to further strengthen our privacy and confidentiality practices.”
Eastern Health has identified all the patients who have been impacted by the accidental privacy breach, and has been working with the physician, who is contacting those affected to advise them of the breach.
“We recognize that it is discouraging when these breaches occur,” said Ron Johnson, Vice President Responsible for Privacy. “And we take action to reinforce awareness among all health-care workers of their obligation to maintain the privacy of our patients, residents and clients.”
As part of Eastern Health’s commitment to protect the confidentiality of the health information it holds in its custody, it has established a number of policies and initiatives for employees, including:
- the signing of an employee oath of confidentiality upon hiring;
- a Personal Health Information Act education program;
- a Privacy and Confidentiality Policy and a Privacy Breach Management Policy;
- an annual Privacy Awareness Week (May 16-20, 2016); and
- notices to employees reminding them of their responsibility to help protect the privacy of patients, clients and residents.
Also, as a routine practice, Eastern Health reports any material breaches of patient privacy, whether accidental or willful, to the Office of the Information and Privacy Commissioner.
It is Eastern Health’s top priority to protect the privacy and confidentiality of individuals’ personal health information, and it holds its responsibility to the public and as a custodian of personal health information in the highest regard.