Nova Scotia

Capital Health doesn't look for privacy breaches

The Capital District Health Authority says though privacy breaches are rare, it does not actively look for violators.

The Capital District Health Authority says though privacy breaches are rare, it does not actively look for violators.

The health authority revealed Tuesday that a former employee accessed the files of more than 120 patients without authorization.

Employees at Capital Health who access patients health records require an account and a password, but once they have that, there are no checks to make sure they aren't breaching privacy.

Former employee Katharine Zinck Lawrence repeatedly breached the privacy of more than 100 patients over a period of at least six years.

Lawrence admitted what she did was wrong but that she did it because it was easy.

She also said she wasn't the only one doing it.

Lawrence was caught after she made an off-hand remark to a nurse about checking her father's records to see if he had a medical appointment.

The nurse reported it to her manager.

Capital Health said it does not do any random audits. It only investigates if it receives a complaint.

The health authority said it has confidence in the integrity of their employees, according to spokesman John Gillis.

"The situation that's deliberate and a breach of trust, if it's a person that had that responsibility entrusted to them and decides to violate it, at the end, we can't stop it," Gillis said.

Capital Health is taking steps to enhance its electronic security, he said.

Capital Health purchased software that will look for any suspicious activity in the system, but it can't say when that will be up and running.

Health Minister Maureen MacDonald said Thursday protecting patients privacy is a significant concern.

The province said its bringing in new regulations that could see violators fined up to $10,000, she said.