Ontario’s Privacy Watchdog slammed the hospital for its continued lack of ability to track a staff’s access to patient files, a year after a large privacy breach was discovered.
The privacy commissioner has ordered the hospital to implement a system that allows the hospital to track all access to patient files, along with implementing policies on privacy training, privacy awareness and privacy breach management. The hospital should also do random audits on all user’s activities. Currently, the hospital can only see the files a staff member has accessed within the last two weeks, according to the Toronto Star. The hospital must comply by September 2015.
Last year, the hospital discovered two instances of staff selling information of about 14,000 new mothers to RESP companies. One staff member voluntarily turned themselves in and the other employee was discovered after an internal investigation when photocopies of information were found in a machine. Both staff members are no longer employees of the hospital.
“Over the last decade we have seen a growing number of privacy breaches involving unauthorized access to personal health information by staff within the health sector,” Acting Information and Privacy Commissioner of Ontario Brian Beamish in a statement. “Whether it is being done out of curiosity, or as in this case for financial gain, it is simply unacceptable.”
He also told the Star that health care practitioners have an obligation to ensure there are safeguards in place to protect information from this kind of activity.
In June, patients whose privacy was breached filed a $400 million class action lawsuit against the hospital. The lawsuit claims defendants are liable for “damages for breach of contract, breach of warranty, breach of confidence, intrusion upon seclusion, negligence, and conspiracy,” and punitive damages, along with expenses related to costs to prevent identity theft, mental distress, frustration and anxiety, according to the Star. The lawsuit names the hospital, the two former employees involved in the breach, the RESP company that bought the information and an unnamed employee of the RESP company.
In the past few months, there have been many stories about privacy breaches related to healthcare records, including those of former Mayor Rob Ford after he started cancer treatment. When you share information related to any health issues, patients have a reasonable expectation that this information will only be shared with other health care professionals to assist your needs and well-being.
If you’ve been injured by negligence by a doctor or healthcare worker, you can be compensated. The personal injury and accident lawyers at Neinstein have been handling all types of injuries for over 40 years including injuries from medical malpractice. We understand the impacts injuries can have on your life and we know how to help you. Call us at 416-920-4242. Set up a free consultation and come talk with us.