Nfld. & Labrador

Central Health apologizes to 240 patients after employee accesses private records

Central Health says an employee at the time, but who is no longer with the health authority, accessed the medical records of 240 patients, and that the privacy breaches stretch back to two years ago.

The health authority won't say if the employee is no longer working there due to the breach

Central Health says it 'took steps to prevent further incidents,' but did not say what those steps were. (Katie Breen/CBC)

Central Health is apologizing after an employee "inappropriately accessed" the health records of 240 patients — over a span of two years. 

An initial press release on Tuesday morning said that all 240 people who were affected were being called to alert them to the breach. No timeline for the breach was provided. 

However, in response to multiple questions from CBC News, a spokesperson said that in fact, there were several breaches over the course of two years.

"Central Health was made aware of a potential individual privacy breach on July 14, 2020. Upon investigation of the individual breach, other breaches were found. The breaches extend back approximately two years ago and affect approximately 240 individuals," reads an emailed response from a spokesperson late Tuesday afternoon. 

The person involved in the breach is no longer working for the health authority, a media spokesperson for Central Health clarified Tuesday afternoon.

However, it's not clear if the staff member is no longer working with the health authority because of the breach, as Central Health said it will "not be providing any details regarding the individual's employment end date and reason for departure."

When asked when the employee accessed the records, or the time frame related to the breach, a spokesperson replied, "The first breach happened approximately two years ago."

"We take confidentiality and privacy very seriously and sincerely regret this has happened.… Central Health has zero tolerance for any such privacy breach," Andrée Robichaud, president and CEO of Central Health, said in the media release posted to Twitter on Tuesday morning. 

Online records were accessed, viewed

The health authority says that becoming aware of the privacy breach, "it launched an investigation and took steps to prevent further incidents."

What is also not clear, however, is what those extra steps are the health authority took to prevent more breaches of patient's privacy. 

Central Health says the electronic records were viewed online, and getting access to them required a user name and a password. 

Central Health "completes routine and targeted audits of employee access for protection of privacy," reads the media release. 

Read more from CBC Newfoundland and Labrador

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

now