Ca: 19 patients affected in ‘accidental’ Eastern Health privacy breach
CBC News reports:
Eastern Health is calling a privacy breach involving 19 patients at a travelling clinic in Happy Valley-Goose Bay “accidental.”
“I apologize to all of the patients, as well as their families, for this accidental material breach,” said Eastern Health CEO David Diamond in a news release Wednesday.
The health authority said the personal information of some patients went missing during an orthopedic travelling clinic from June 6 to 10. All those affected were patients of the Janeway Children’s Hospital.
There’s no word on how the breach occurred.
Read more on CBC. Here is Eastern Health’s full statement:
October 12, 2016: St. John’s, NL: Eastern Health advised today that it has experienced an accidental breach of privacy of 19 patients from its Rehabilitation Program. The accidental breach occurred following an orthopedics travelling clinic in Goose Bay, Labrador from June 6-10, 2016. Missing are partial files containing information of patients of the Janeway Children’s Health and Rehabilitation Centre.
“Although we have no reason to believe that the information has been misused, I apologize to all of the patients, as well as their families, for this accidental material breach,” said David Diamond, President and CEO of Eastern Health. “We share with employees the responsibility of protecting the privacy of those who entrust their personal information with us, and we take that responsibility very seriously.”
Eastern Health has identified all the patients who have been impacted by the accidental privacy breach, and has been working with the Rehabilitation Program, who is contacting patients to advise them of the breach. The Office of the Information and Privacy Commissioner has also been notified by Eastern Health who reports all material breaches of patient privacy, whether accidental or willful.
“We will make every effort to learn from this accidental privacy breach as we continue to further strengthen our privacy and confidentiality practices,” said Ron Johnson, Vice President responsible for Privacy. “In addition to the measures we already have in place to ensure patient privacy, we are always investigating ways to improve and enhance privacy. And we continue to take action to reinforce awareness among all health-care workers of their obligation to maintain the privacy of our patients, residents and clients.”
As part of Eastern Health’s commitment to protect the confidentiality of the health information it holds in its custody, it has established a number of policies and initiatives for employees, including:
- the signing of an employee oath of confidentiality upon hiring;
- a Personal Health Information Act education program;
- a Privacy and Confidentiality Policy and a Privacy Breach Management Policy;
- an annual Privacy Awareness Week; and
- notices to employees reminding them of their responsibility to help protect the privacy of patients, clients and residents.
There are incidences when it is appropriate for employees of Eastern Health to have personal health information outside of its facilities, such as during the provision of care and service delivery. Eastern Health has policies in place to help guide the security of personal health information while it is in use on its property, and when employees are off-site or in-transit.
It is Eastern Health’s top priority to protect the privacy and confidentiality of individuals’ personal health information, and it holds its responsibility to the public and as a custodian of personal health information in the highest regard.