Health records of 3,224 Red Deer hospital patients involved in privacy breach, health authority says
Breach involved 2 clerical workers in the hospital's diagnostic imaging department
The electronic health records of 3,224 central Alberta patients were improperly accessed by two workers at the Red Deer hospital, an internal investigation by Alberta Health Services has revealed.
In a statement issued Tuesday, AHS said the breaches took place over a two-year period and involved two clerical employees in the Red Deer Regional Hospital Centre's diagnostic imaging department.
The AHS investigation concluded that one employee had improperly accessed the patient information of 3,147 patients between October 2018 and October 2020. The patient records of an additional 77 patients were accessed by a co-worker, AHS said.
Both clerical workers involved are no longer employed by AHS, the provincial health authority said.
The workers were looking through the files with no medical reason for doing so.
The majority of the records accessed were of emergency patients, co-workers and family members, and consisted of personal demographic information and clinical records, AHS said.
'A direct violation'
AHS said the patient care and the accuracy of patient records have not been affected.
Affected patients will be notified by mail. Notifications were sent on April 12, AHS said.
"AHS takes the privacy and confidentiality of patient information seriously, and non-work related access to patient records is a clear breach of confidentiality and a direct violation of privacy and information security policies," said Janice Stewart, chief zone officer with AHS Central Zone, in a statement.
"We understand that patients trust AHS to appropriately access and safeguard their health and personal information.
"AHS remains fully committed to ensuring safeguards are in place to build this trust by preventing inappropriate access, use or disclosure of patient information."
- Reports of health-care privacy breaches spike in Alberta
- Edmonton medical clinic employee fined after admitting to health data breaches
AHS said the breach was reported to Alberta Health and the Office of the Information and Privacy Commissioner of Alberta.
It has been mandatory to report such breaches to the privacy commissioner since Aug. 31, 2018, when the Alberta government brought in changes to the Health Information Act, which governs all health regulated health professionals.