Privacy commissioner urges disciplinary action against doctor
Dr. Fernando Rojas Lievano accessed patient files of 141 women over 28 months
The province’s privacy commissioner is recommending a Moncton doctor face disciplinary measures and provincial charges after he accessed medical files of 141 women during a two-year period.
The report makes five recommendations to the Vitalité Health Network:
- Vitalité should consider disciplinary measures against Rojas
- Vitalité should consider charges under the Provincial Offences Procedures Act
- Random audits of access to electronic patient records should be made more frequent
- The authority should quickly limit or restrict access to patient records when any suspicious activities are found
- Continue the limits on Rojas’s access to the electronic patient records system and impose ongoing monitoring
Vitalité issued a statement on Thursday, saying it just received the report and will need to take time to review its conclusions and recommendations.
Meanwhile, the health network will continue with its own internal investigative process, the statement said.
"Our final report as well as recommendations will be submitted in the fall of 2014.
"Vitalité Health Network will not make any additional public statements before the conclusion of its internal investigative process."
Doctor still employed
The doctor is still employed by Vitalité, but has been "absent from his place of work since the end of February," the statement said, without explaining why he's not working at the hospital.
New Brunswick's privacy commissioner can only make recommendations and cannot order fines or force government agencies to follow her advice.
The report, however, used strong language to reinforce the findings.
Bertrand said she "strongly recommends" both disciplinary measures against the doctor and charges because of the "scale of unlawful accesses committed" by Rojas.
The report confirmed the women were not the doctor’s patients and he told the commissioner that “he was looking at these patient files out of personal interest and to find out their age.”
“The ages of these women were between 13 and 39. Dr. Rojas Lievano also accessed the same patient files several times over the course of the audit period, from a few times to a considerable number of times,” the report said.
The report explained how Rojas’s unauthorized visits to these medical files were caught in an audit of the electronic patient record system.
Audit process should be strengthened
It also details how two additional audits were carried out as the scope of the privacy breach became known to the health authority’s administration. A retrospective audit was launched in April 2013 that examined the doctor's access to patient records from Sept. 1, 2010, to Jan. 18, 2013.
Bertrand’s report described meetings between the authority’s administration and Rojas over the privacy breach.
“During that meeting, Dr. Rojas Lievano was visibly shaken and stated that it was poor judgment on his part. He admitted to not having had the permission to access the patient records in question,” the report said.
“Dr. Rojas Lievano failed to provide any other reason for having accessed these records. Dr. Rojas Lievano qualified his actions by adding that he had neither copied nor communicated any of the information he had viewed in the electronic health records of these patients.”
The privacy commissioner’s report recommends strengthening Vitalité’s audit process to catch future breaches more quickly or to prevent other health professionals from making future unauthorized visits to patient records.
“By instituting more frequent random audits, suspicious activities will be detected more quickly; equally important, more frequent random audits will also serve as a deterrent to all users to only access electronic patient records when authorized,” the report said.
Bertrand's report also noted how unauthorized access to patient files is on the increase in Canada.