Newfoundland and Labrador's largest health authority says one of its employees blew the whistle on another employee who had breached a number of patient records.

On Tuesday, Eastern Health said an administrative employee at a St. John's hospital breached privacy by prying into the files of about 20 clients.

Beverley Clarke, vice-president of privacy for Eastern Health, said management was informed of the breach from another employee who performed due diligence and filed an occurrence report.

"Because the employee in question had provided her with information that she felt she couldn't have gotten, unless she had looked at somebody else's medical record," Clarke told St. John's Morning Show host Anthony Germain.

"This sparked us to do a full investigation, and then we proceeded with dealing with the issue," she said. 

The employee has since resigned.

Multiple breaches

This latest breach of privacy is the fifth to come to light at Eastern Health since 2012In July 2012, Eastern Health dealt with the largest privacy breach in the province's history. Five employees were fired. The authority said one nurse deliberately accessed 122 medical records she was not permitted see.

In September of the same year, the authority revealed that the records of 46 patients at an unnamed rural clinic had been inappropriately accessed by two clerks, one of whom was fired. The other resigned.


Eastern Health says it was informed of the privacy breach from another employee who followed due diligence and filed an occurrence report. (CBC)

In April 2013, the authority reported two separate incidents in which briefcases were stolen from vehicles. One contained a patient chart and notes on 62 patients, while the other contained information on two patients. 

Clarke said Eastern Health is committed to training its employees, but indicated that some in the workforce don't get how significant the issue is. 

"All 13,000 employees, I guess, truly do not understand yet that in fact this is inappropriate," Clarke said. 

"So we continue our education, our training. Everybody has to sign an oath. We're doing the random audits. I guess we have to keep moving it forward, just really keep getting the message out there". 

Random audits

Clarke said the health authority has a software audit management package that regularly, but randomly audits all employees of Eastern Health. 

"It picks up certain things. So for example, it will look for last names, or it might look for the same address. In this particular case, the employee was looking up information related to friends and family — but those particular things were not picked up."

Clarke said the health authority has been in contact with the affected patients. 

"As of late yesterday afternoon I believe, most had been contacted. You know if there is anybody who we didn't get yesterday, well we certainly will continue trying to reach them."