Beaufort-Delta health authority says health records safe, privacy expert disagrees

The Beaufort-Delta health authority says electronic storage is the best way to ensure hospital staff aren't snooping around. But a former privacy and information commissioner says additional safeguards are needed.

Privacy expert says additional safeguards needed to keep electronic health records safe

Former Ontario Information and Privacy Commissioner Ann Cavoukian says the ease of transmission associated with electronic records also facilitates the ease of unauthorized transmission. (Colin Perkel/Canadian Press)

The Beaufort-Delta Health and Social Services Authority is assuring patients their health records are safe and remain private, though a former privacy and information commissioner of Ontario is less sure. 

The health authority's assurance comes in the wake of a possible information breach of patient health records by staff at the Inuvik Regional Hospital.

"I just want to reassure people that we have taken all steps to make sure their information is being kept private," says Arlene Jorgensen, CEO of the Beaufort-Delta Health and Social Services Authority.

While the data breach concerns electronic records, Jorgensen says electronic storage is the best way to ensure hospital staff aren't snooping around.  

"With an electronic system we actually have the capacity to do a formal audit and see what each individual has actually looked at each day and each moment."

Additional safeguards needed

Ontario's former information and privacy commissioner agrees with Jorgensen — to a point.

"[Tracking file access] is a real positive," says Ann Cavoukian, who is now the executive director of the Privacy and Big Data Institute at Ryerson University.

"But a negative on that side is that the ease of transmission also facilitates the ease of unauthorized transmission." 

Cavoukian recommends strong protocols such as quarterly audits and informing employees their digital history is being watched.

"If people know that regular, scheduled auditing is taking place it serves as a strong deterrent."

She also recommends regular and ongoing training seminars on the sensitivity of health records, especially in small Northern communities where everyone knows everyone.

A spokesperson with the Beaufort-Delta Health and Social Services Authority said many of its employees have received privacy awareness training. Employees also have to sign an oath of confidentiality for each electronic information system they access. 

The spokesperson said the N.W.T. Department of Health and Social Services is responsible for regular audits of the system. 

The health authority has hired two investigators to look into the potential data breach. If the investigation confirms inappropriate handling of hospital records, the health authority said it will immediately notify patients.

The results of the investigation are expected March 31.

The office of N.W.T.'s Information and Privacy Commissioner has also confirmed it has been notified.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.