Personal information of 3 QEH patients compromised by employee: P.E.I. Privacy Commissioner
Investigation into larger privacy breach at hospital ongoing
An employee at Charlottetown's Queen Elizabeth Hospital inappropriately accessed the private health information of three patients, according to a new report published by P.E.I.'s Information and Privacy Commissioner.
Commissioner Karen Rose's report on the privacy breach and how it was handled follows a complaint last summer to Health PEI by one of the patients, and a subsequent audit and investigation by the agency.
"Health PEI's audit ... confirmed that the employee accessed electronic medical records of three individuals, and that the access was not necessary for the employee's job," Rose wrote in her report.
'To find their room numbers'
According to the report, days after the complaint came in last July Health PEI met with the employee, who works at the hospital but is not authorized to access patients' electronic charts — including accessing them to look up hospital room numbers.
Those charts include information like patient demographics, test results and medication.
Such invasions of patient privacy inevitably lead to loss of trust in health care providers.— Karen Rose,
The employee explained they knew all three patients — two of whom were family members — and that they only accessed the charts "to find out their room numbers to visit them."
According to the commissioner's report, Health PEI accepted that explanation, and determined the employee did not publicly disclose any of the patients' personal health information to anyone else.
The agency ultimately allowed the employee to return to work under a performance management plan. That includes further training, regular audits and a requirement that the employee "not process the complainant's personal health information in the future."
In her report, Rose concluded Health PEI "adequately investigated" the privacy breach, and has taken "reasonable measures" to prevent further breaches by the employee.
"Health PEI demonstrated that it understands the serious consequences of unauthorized access to patients' electronic health records," Rose wrote.
"Such invasions of patient privacy inevitably lead to loss of trust in health care providers, and in the health care system."
In her report Rose recommended Health PEI remind all users that electronic medical records are not be accessed for reasons unrelated to their employment duties.
Larger QEH breach still under review
The commissioner and Health PEI continue to investigate a much larger privacy breach by a former QEH employee.
The agency revealed last fall the former employee had accessed 353 patient files in breach of hospital privacy rules.
Health PEI launched a review of the incident, partly to see how policies and procedures could be improved.
Rose said the privacy commission's own report on that case will likely be published by early September.