Hundreds to be notified after personal patient data was breached

Patient data was inappropriately accessed by employees for reasons outside work

Hundreds to be notified after personal patient data was breached

Cyber

By Lyle Adriano

The Nova Scotia Health Authority (NSHA) has revealed that it is contacting 337 individuals after six of its employees had looked up the personal information of patients.

The staff members in question were then working in the agency’s central zone, which includes the Halifax and West Hants facilities. It was also confirmed that said staff members did not work at the IWK Health Centre.

Colin Stevenson, NSHA vice-president of quality, system performance and transformation, told CBC that the breaches were discovered after two separate investigations.

Search and compare product listings for Cyber Insurance from specialty market providers here

The first investigation was launched after a patient lodged a complaint in July 2016. NSHA subsequently discovered that three staff members inappropriately accessed the records of some 244 people. The investigation wrapped up in January, but the agency said it took several months to identify the affected patients.

The remaining breaches were discovered after a manager flagged unrelated concerns in January this year. NSHA conducted an audit and found three other employees had accessed 93 patient files.

All 337 cases involve electronic medical records.

While Stevenson could not say what type of information the staff looked up, he did elaborate that the data unlawfully accessed was “beyond what is necessary for them to perform their work.”

“Based on the investigation, it doesn’t appear any of the information that was accessed was shared outside of the organization or with others. However, any breach for us is significant,” he explained.

Stevenson offered assurances that the NSHA has reported both cases to Nova Scotia’s information and privacy commissioner. He also said that disciplinary actions are taken when staff members do not follow policies and violate patient privacy, but did not reveal whether the staff members involved were punished or if they are still employees.


Related stories:
Major data breach at health insurer Bupa – report
Trump hotels in Canada suffer cyber security breach

Keep up with the latest news and events

Join our mailing list, it’s free!