The province’s privacy commissioner has found that Medicentres contravened the province’s Health Information Act (HIA) when they failed to protect the privacy of more than 600,000 Albertans.

The investigation was launched in January after a laptop with unencrypted personal health information of 621,884 patients was stolen in September.

The laptop contained the names, dates of birth, provincial health card numbers, billing codes and diagnostic codes of the individuals seen at Medicentres between May 2, 2011, and Sept. 10, 2013.

Privacy Commissioner Jill Clayton concluded that “Medicentres contravened the HIA by failing to consider privacy risks and by failing to take reasonable steps to safeguard health information on a laptop computer.”

Clayton also found Medicentres did not provide guidance to the contracted IT consultant regarding the protection of health information.

Medicentres said that it has accepted most of the recommendations.

"We will now have a contractual requirement," said Dr. Arif Bhimji from Medicentres. "It's very difficult for us to monitor every step that an IT consultant would take, short of having them in our office and working on our system, and that is likely what we would do in the future if we would engage an IT consultant."

The stolen laptop has never been recovered.