Alberta’s health sector has seen a dramatic increase in the number of privacy breaches reported after Alberta’s Health Information Act made reporting of these incidents mandatory in August 2018.  Prior to the legislative change, Alberta’s Office of the Information and Privacy Commissioner (OIPC) would receive approximately 130 voluntary incident reports a year.  In the first year since reporting became mandatory, the OIPC stated that the number has jumped to well over 1,000.

Most reports concerned simple human error, such as misdirected facsimiles or emails. However, the OIPC is dealing with more consequential breaches related to inappropriate patient file access or “snooping”.  This includes the recent disappearance of an unencrypted hard drive containing personal health information of 650 patients at an Alberta health institute last August, and the inappropriate access of over 2100 health records by staff at a hospital in Red Deer earlier this year.

The news of the breaches came to light after a former Alberta Health Services (AHS) clerk was charged and subsequently fined $8,000 for unauthorized access of 81 individuals’ health records on 471 occasions. AHS has been the source of over 40 percent of the reported breaches to the OIPC.  In an interview with the CBC, AHS Vice-President Todd Gilchrist highlighted a number of steps the organization is taking to address these breaches:

  • the development of a new privacy protection and information access policy;
  • increased security training to staff;
  • mandatory privacy training modules for staff; and
  • the implementation of intelligent software that actively monitors for breaches.

Summary By: Hashim Ghazi

E-TIPS® ISSUE

19 10 30

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.