B.C. Auditor General John Doyle said lax security meant that, in effect, the door was open to patient information on the Vancouver Coastal Health Authority's computer system. (CBC)

The B.C. government is trying to reassure British Columbians their health information is safe following an auditor general's report that found serious weaknesses in security at the Vancouver Coastal Health Authority.

Auditor General John Doyle examined the authority's information software called the Primary Access Regional Information System (PARIS) and reported Wednesday that security was so inadequate that there was a high risk of online interlopers being able to access information.

'These issues were not acceptable'—B.C. Health Minister Kevin Falcon

He also found that thousands of staff had access to people's sensitive health records they had neither the right nor the need to see, Doyle said.

The auditor general delayed releasing his report so the health authority could remedy the problem.

"My concern was … to ensure that the door was firmly closed and bolted and that going forward there would be no risk of that information getting into the wrong hands," Doyle said.

But there was no way of telling what, if any, information had already been illegitimately accessed, he said.

NDP health critic Adrian Dix said the problems with PARIS were typical of the B.C. Liberal administration.

"It seems that the government, when it comes to information technology in general, turns its brain off."

Officials had already implemented three quarters of the recommendations in the auditor general's report, Health Minister Kevin Falcon said late Wednesday.

"These issues were not acceptable to the auditor general; they were not acceptable to Vancouver Coastal Health; and they are certainly not acceptable to me as minister," Falcon said.