Close to 200 people across Canada have had their health records accessed in the largest Vancouver Island Health Authority privacy breach to date.
Island Health became aware of the breach after a routine audit in April to monitor the legitimacy of staff access to patient records. Shortly after, an investigation was launched and the B.C. Office of the Information and Privacy Commissioner was notified.
Earlier this week, Island Health confirmed two employees in Victoria gained access to the personal demographic information including the age, name, and addresses of 198 individuals, many of whom were family friends, coworkers and public celebrities both from the region and those who came to the Island from other parts of Canada seeking medical care.
Kathy MacNeil, executive vice president, quality safety and experience with Island Health, said she is “deeply sorry” to the patients whose privacy was compromised.
“We are profoundly disappointed that the actions of these two individuals violate the values and high ethical standards that we all strive for at Island Health” she said. “Patient privacy and confidentiality is a high priority at Island Health and one that we take very seriously . . . we regret that this happened and we continue to review our practices to ensure privacy is upheld.”
The two individuals, one who had been with Island Health since 2012 and the other since 2013, have since been fired. They were non-clinical support staff that supported clinical teams.
MacNeil said they did not have a requirement to access that information as part of their role, adding she couldn’t speculate on a motive for why the individuals accessed the information, nor could she say if family and friends consented to have the individuals access their private information.
Roughly 85 per cent of individuals who have had their privacy breached have been notified by a phone call or letter and Island Health is in the process of contacting the remaining individuals.
This isn’t the first privacy breach at Island Health.
In November 2014, two employees accessed the electronic health records of 112 individuals in order to “satisfy their curiosity” about patients. Both were caught and let go after the fact, following a month-long internal investigation.
Island Health maintained it is providing ongoing educations and awareness for staff and physicians related to privacy.