Gary Dickson, Saskatchewan's information and privacy commissioner, made 21 recommendations in response to the privacy breach. Gary Dickson, Saskatchewan's information and privacy commissioner, made 21 recommendations in response to the privacy breach. (CBC)

Saskatchewan's privacy commissioner is calling for tighter rules after a pharmacist was caught improperly looking up drug information about a former patient.

On Wednesday, information and privacy commissioner Gary Dickson released a report into the 2009 incident, which involved a pharmacist at L & M Pharmacy in the east-central part of the province.

Dickson, who did not name the people involved or say what community it happened in, said the pharmacist looked up drug information pertaining to a former customer and two members of the customer's family on a provincial database.

Falling out

The pharmacist and the former patient had once been friends and had worked on a "business arrangement" together, but there had been a falling out. The business arrangement ended and "strong reactions and bad feelings" followed, Dickson said.

After that, the pharmacist improperly accessed information about the three people a total of nine times, for personal reasons, Dickson said. He used different computers to do this including his home computer.

The former customer found out about it and launched a complaint.

Dickson said the pharmacist breached the Health Information Protection Act — a key provincial law that protects people's privacy on medical matters — in a number of ways.

Dickson issued 21 recommendations for changes to the province's prescription database, L & M, Saskatchewan Health and the Sunrise Regional Health Authority to make the system more secure and preserve people's privacy.

The pharmacist was later temporarily suspended from being able to use the province's computerized pharmaceutical network.

CBC News learned the pharmacist is Darryl Leshko, who works at Melville's Royal Drug Mart — the name L & M operates under.

Leshko told CBC he looked up the information because he was worried about his former customer's health. He realizes now that was wrong and promises it won't happen again.

"I've met with the [privacy] commissioner many times and with my professional organization many, many times to try to iron this out," he said.

"Our business has developed [a] very specific policy and procedure manual which would prevent something like this from happening again."

Dickson said every pharmacy should probably have a similar policy.

Safeguards easily ignored

Dickson also said the details of the case raise general concerns about the way people in the health care field use confidential medical information.

'More attention needs to be paid to the carelessness of trustee organizations and the curiosity of health workers who know how to obtain the personal health information of patients without the patients' consent.'—Privacy Commissioner Gary Dickson

"This investigation demonstrates how relatively easy it can be for a health professional to slip past or ignore the 'safeguards' currently in place," he said in the report.

"It is clear to me that a good deal more attention needs to be paid to the carelessness of trustee organizations and the curiosity of health workers who know how to obtain the personal health information of patients without the patients' consent."

Dickson said there specifically needs to be a review of how Saskatchewan trains, approves and monitors health care workers and their use of personal health information.

He also said there should be tighter restrictions on when and where pharmacists and other health care workers can log on to computers to access such information.