Central Health apologizes to 240 patients after employee accesses private records
The health authority won't say if the employee is no longer working there due to the breach
Central Health is apologizing after an employee "inappropriately accessed" the health records of 240 patients — over a span of two years.
An initial press release on Tuesday morning said that all 240 people who were affected were being called to alert them to the breach. No timeline for the breach was provided.
However, in response to multiple questions from CBC News, a spokesperson said that in fact, there were several breaches over the course of two years.
"Central Health was made aware of a potential individual privacy breach on July 14, 2020. Upon investigation of the individual breach, other breaches were found. The breaches extend back approximately two years ago and affect approximately 240 individuals," reads an emailed response from a spokesperson late Tuesday afternoon.
The person involved in the breach is no longer working for the health authority, a media spokesperson for Central Health clarified Tuesday afternoon.
However, it's not clear if the staff member is no longer working with the health authority because of the breach, as Central Health said it will "not be providing any details regarding the individual's employment end date and reason for departure."
When asked when the employee accessed the records, or the time frame related to the breach, a spokesperson replied, "The first breach happened approximately two years ago."
"We take confidentiality and privacy very seriously and sincerely regret this has happened.… Central Health has zero tolerance for any such privacy breach," Andrée Robichaud, president and CEO of Central Health, said in the media release posted to Twitter on Tuesday morning.
Online records were accessed, viewed
The health authority says that becoming aware of the privacy breach, "it launched an investigation and took steps to prevent further incidents."
What is also not clear, however, is what those extra steps are the health authority took to prevent more breaches of patient's privacy.
Central Health says the electronic records were viewed online, and getting access to them required a user name and a password.
Central Health "completes routine and targeted audits of employee access for protection of privacy," reads the media release.