Patient records breached 8 times in last year, confirms N.W.T. health dept.
1 case involved 'snooping,' 5 cases were deemed accidental, 2 cases were found to be intentional
Over the last year, there have been eight privacy breaches of patients' information, according to the N.W.T. health department.
A CBC investigation has found that nationwide the personal health information of hundreds of patients is breached every year, but many provinces don't have legislation in place that requires hospitals, doctors and other health care providers to notify the people affected.
That hasn't been the case in the N.W.T. since Oct. 1, 2015, when the Northwest Territories Health Information Act came into effect. It's now mandatory that privacy breaches are reported and the act defines what constitutes a breach.
As part of the investigation, CBC News surveyed privacy commissioners and health authorities across the country. In its response, the N.W.T. Department of Health and Social Services confirmed eight privacy breaches related to health records.
A breach could be anything from someone accidentally sending records to the wrong destination, to someone stealing health information and selling it. Personal health information can identify a person's health and health care history, the type of services accessed, or their health care number.
One instance in the N.W.T. involved "snooping;" five cases were deemed "unauthorized disclosure, accidental, non-malicious;" two other disclosures were found to be non-malicious but intentional.
The department said the breaches involved paper records, emails, a portable device and, in one case, a verbal breach.
As of Aug. 31, 2016, none of the breaches have resulted in prosecutions or other sanctions. However, the department said in its response that the breaches have led to changes in policies and procedures, which include additional training and tightening processes around its electronic information system.
The N.W.T. Information and Privacy Commissioner has also made recommendations related to patient consent, public awareness, policy development and electronic safeguards.
History of breaches
Privacy breaches at hospitals and health centres in the N.W.T. have made headlines over the last few years.
This past February, the Beaufort Delta Regional Health Authority apologized after employees at the Inuvik hospital had "repeated and inappropriate" access to patient records. Letters were sent to 67 patients informing them of the breach and the staff were disciplined.
In November 2014, a doctor at Yellowknife's Stanton Hospital lost a USB drive containing names, health care numbers and personal medical information for over 4,000 patients. The affected patients were informed, and the USB drive was found a month later.
That same year the N.W.T. Department of Health mailed 195 health care cards to the wrong addresses due to a spreadsheet sorting error. The deputy minister said there were no privacy concerns associated with the mistake, but the department reduced the number of people who work on files that contain personal data.
In 2010, the hospital imposed a ban on faxing any medical documents after the CBC North newsroom fax machine received patients' test results on four separate occasions from health authorities in the N.W.T. The newsroom received two more faxes with medical information in 2012 from health centres in Nunavut and Fort Providence, N.W.T.
with files from Curtis Mandeville