Thousands of patients told health info stolen
Thousands of patients in the Capital Health region are being told some of their private information is missing after four laptops were stolen from an office.
The theft happened back in May, butthe Edmonton-area health authority is only revealing the problem now, saying the risk of "patient data being compromised is very low."
Letters informing 20,000 patients about the theft started going out this week.
Spokesman Steve Buick said the reason they took so long to inform the public is because they wanted to consult with the Privacy Commissioner.
"There's no particular urgency to this, no one's health is going to be compromised," he said.
Thelaptops had cable lock devices to secure them tostaff desks in a secure building, but the thieves managed to steal them in the evening, said the health authority. Only one of the four computers had patient information on it, information that is only available by getting past two passwords.
Both police and the Alberta privacy commissioner's officeare investigating.
Calgary Health Region laptop stolen last year
Last year, Calgary's health authority was slapped on the wrist by the privacy commissioner after a laptop containinga database of more than 1,000 children in a mental health programwas swipedfrom the home ofa counsellor involved in the program.
The commissioner's office concluded that the risk of identity theft was low, but couldn't be ruled out.
"For the most part, the Calgary Health Region does a good job protecting information, and has been taking steps to improve security. Unfortunately, they failed to recognize and address the risks of mobile computing in this program area," said investigator Brian Hamilton in a statement.
The mental health care program wasn't following Calgary Health Authority policies that would have protected the information contained in the laptop, according to the privacy office.
The information was protected by passwords but encryption technology wasn't used and a motivated individual could access the data.
As well, the privacy office recommended that program workers should only have the information they need on their laptops, not entire program files.