Nfld. & Labrador

'Snooping' Central Health employee accessed patient diagnoses, personal info in 2-year privacy breach: CEO

The health authority's CEO says the employee had the access to a range of patients' personal information in the breach, which involved 240 patients over a two year period.

Andrée Robichaud says privacy expert to be brought in to beef up security

Central Health CEO Andrée Robichaud says the health authority is bringing in a privacy expert to comb through its security system in the wake of a breach. (Nicole Ireland/CBC)

A former employee of Central Health involved in a series of privacy breaches, spanning two years and 240 patients, had access to files containing people's personal and medical information, says the health authority's CEO.

CEO Andrée Robichaud said someone from outside the health authority alerted them on June 14 that an employee had shared a patient's personal information, and an internal audit kicked into gear.

"We saw that we had an employee with clinical responsibilities … which means he had access to the Meditech system, that had been snooping, for lack of a better word," she said.

Robichaud referred to the employee at the centre of the breach as both he and she throughout the interview. 

She refused to specify where the employee worked within the health authority, what the person's job was, or their motivations.

The employee, who hasn't been identified but no longer works with Central Health, had access to two types of files, which contained summary information of a patient in hospital, including their diagnosis, their attending physician, age, sex and even what room in the hospital they were in.

That information was stored electronically and required a user name and password.

Robichaud said because of the person's clearances, he should have known better than to go through the information.

"We had an individual with clinical responsibilities, who had gone through privacy training, knew they were not to do that, and actually broke the law," she said.

Robichaud wouldn't say where the employee worked or their role, only that they no longer work for Central Health. (Katie Breen/CBC)

Security getting a bump

While Central Health performs privacy audits weekly, designed to catch breaches, picking employees at random and checking their access as well as doing more targeted audits. But this breach fell through the cracks, prompting questions as to why. 

"We're going to go back and see if there's anything we're not doing," Robichaud told CBC Radio's Newfoundland Morning.

Every Central Health employee has to go through privacy training upon hiring, but Robichaud said Central Health will beef that up to an annual refresher, and bring in outside expertise.

"Given the size of this breach, we are going to bring in a privacy expert to look at what we're doing, and if there's anything we can improve," she said, apologizing to those people affected.

Central Health began phoning the patients yesterday, with 70 contacted so far.

Robichaud would not specify where the employee worked within the health authority, what his job was, or his motivations.

"In the industry, we see this as snooping," she said, adding that as far as she knows, the person doesn't appear to have copied any files.

Read more from CBC Newfoundland and Labrador

Clarifications

  • The CEO of Central Health referred to the employee at the centre of the privacy breach as both he and she throughout the interview. A previous version of this story included a quote, which was accurate, but only included a reference that the employee was a man. Central Health is not releasing details about the employee, including what part of the agency he or she worked.
    Jul 29, 2020 12:00 PM NT

With files from CBC Newfoundland Morning

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?

now