The Beaufort-Delta Health and Social Services Authority is assuring patients their health records are safe and remain private, though a former privacy and information commissioner of Ontario is less sure. 

The health authority's assurance comes in the wake of a possible information breach of patient health records by staff at the Inuvik Regional Hospital.

"I just want to reassure people that we have taken all steps to make sure their information is being kept private," says Arlene Jorgensen, CEO of the Beaufort-Delta Health and Social Services Authority.

While the data breach concerns electronic records, Jorgensen says electronic storage is the best way to ensure hospital staff aren't snooping around.  

"With an electronic system we actually have the capacity to do a formal audit and see what each individual has actually looked at each day and each moment."

Additional safeguards needed

Ontario's former information and privacy commissioner agrees with Jorgensen — to a point.

"[Tracking file access] is a real positive," says Ann Cavoukian, who is now the executive director of the Privacy and Big Data Institute at Ryerson University.

"But a negative on that side is that the ease of transmission also facilitates the ease of unauthorized transmission." 

Cavoukian recommends strong protocols such as quarterly audits and informing employees their digital history is being watched.

"If people know that regular, scheduled auditing is taking place it serves as a strong deterrent."

She also recommends regular and ongoing training seminars on the sensitivity of health records, especially in small Northern communities where everyone knows everyone.

A spokesperson with the Beaufort-Delta Health and Social Services Authority said many of its employees have received privacy awareness training. Employees also have to sign an oath of confidentiality for each electronic information system they access. 

The spokesperson said the N.W.T. Department of Health and Social Services is responsible for regular audits of the system. 

The health authority has hired two investigators to look into the potential data breach. If the investigation confirms inappropriate handling of hospital records, the health authority said it will immediately notify patients.

The results of the investigation are expected March 31.

The office of N.W.T.'s Information and Privacy Commissioner has also confirmed it has been notified.