Protenus’s monthly breach barometer reports attempt to hammer home the need to address and prevent insider breaches. The problem is not unique to the U.S.. Here’s a recent case out of Canada:
A pharmacist pleaded guilty to accessing health information in contravention of the Health Information Act (HIA) and received a conditional sentence order on October 16, 2017.
In October 2014, the Office of the Information and Privacy Commissioner (OIPC) received a breach report from Covenant Health where Basel Alsaadi had been employed prior to his resignation.
The investigation found that 104 individuals were affected by Alsaadi’s unauthorized accesses. Health information, including demographic information, diagnostic images and laboratory results, was accessed despite no formal patient-pharmacist relationship with the affected individuals.
The OIPC referred its findings to Crown prosecutors at Alberta Justice. Charges were laid in February 2016.
The conditional sentence of six months includes three months of house arrest with some exceptions which is to be followed by three months of a court-imposed curfew. Alsaadi was also ordered to 20 hours of community service.
Source: Office of the Information and Privacy Commissioner of Alberta.
So… is that sufficient as consequences to deter others? And where are the supports for him to avoid future problematic behavior?