By Sarah Stone

Former PAPHR employee speaks out after record breach

Jan 29, 2015 | 10:44 AM

Note from the editor: The name of the former PAPHR employee has been withheld to protect their identity.

A person has lost their job following an investigation by the Prince Albert Parkland Health Region, and they say it has destroyed them.

On Thursday afternoon, the Prince Albert Parkland Health Region (PAPHR) held a press conference stating the confidential health records of 16 patients were breached.

CEO Cecile Hunt said the patients’ personal health information was accessed by an employee who wasn’t involved in their care.

Hunt said the PAPHR learned of a supposed breach of privacy Dec. 14, 2014.  This led to an investigation and audit of the electronic health record for Saskatchewan health care providers—eHR Viewer.  This includes laboratory information, prescription information, diagnostic imaging information, immunization information, and clinical documentation.

Battle ready

Predators set to defend title as new PGLL season approaches

4h ago

Riderville

Riders Have Options Heading into Tuesday CFL Draft

9h ago

Weekend hockey

PAGC set to host largest Senator's Cup tournament to date

10h ago

The investigation found an employee accessed patients’ information including prescription and lab results between Jan. 10, 2014 and Dec. 9, 2014. 

“This action is considered a breach under the Health Information Protection Act of Saskatchewan,” Hunt said, which led to the dismissal of the employee.

“This investigation involved the records of 16 patients and on behalf of the Prince Albert Parkland Health Region I sincerely apologize of these affected patients,” Hunt said.

“So our organization is disclosing this situation in the interest of openness and transparency.”

Letters disclosing the incident were mailed on Wednesday to patients whose records were viewed.

Hunt couldn’t speculate on the reasons why the former employee looked at records or reveal any details identifying them to protect their privacy, but paNOW spoke with the person who was dismissed on Monday.

Sitting in the living room of their home, the former employee said the situation was misrepresented.

They said 14 of the 16 records accessed were done so after receiving permission from the patients or at the request of other departments.  One was even their own health record.

“I didn’t think when staff members were requesting their own results that it was inappropriate because those are their results,” they said.  “I mean, did I think that was wrong? … Yes and no because it’s not like I was accessing them for my own personal use, they were wanting me to access them, they had consented.”

The former employee admits there were two records they had inappropriately accessed and said it was for personal reasons.

For this they felt discipline should be taken, acknowledging a mistake was made.  However, they said termination and going to the licencing board was unjustified for accessing two records and they feel they are being “made an example of.”

“I think that discipline was extreme, they (PAPHR) could have suspended me without pay because essentially I didn’t go and peddle anybody’s results, I didn’t announce to anybody anybody’s results, I didn’t use them for my personal gain,” the former employee said.

They explained they’ve spent decades working in the PAPHR and said this situation has ruined them, stating “all I want to do is work.”

“I can guarantee everybody knows it was me and I have to live in this town and have people thinking I was that horrible snoop, which I wasn’t.”

Since the incident, they said they feel abandoned by the Region despite having the support of employees.

“It’s frustrating when you have the backing of the physicians, but you don’t have the backing your own senior management team,” they said as text messages of support rang in during the interview with paNOW.

“It’s two, it’s two.  So you’re going to fire somebody after 35 years and they’ve never had a breach of confidentially.”

According to amendments to the Health Information Protection Act introduced in November 2014, people who are found ‘snooping’ medical records could face a fine up to $50,000 or a year in jail.

The stricter rules are not something always made clear.  Now, according the PAPHR, a person in the medical field is not allowed to access even their own records.

This employee isn’t alone.  Hunt said breaches could have happened in the past by other employees.

“We have perhaps in the past had reports of individuals who may have verbalized seeing clients in the health system or may have perhaps inappropriately commented on the information, they might have looked at their own records,” she said.  “If it has happened in the past we would have reviewed it and had an investigation and disciplined the individual.”

Hunt said in light of this, corrective actions have been taken to ensure this doesn’t happen again.

• Disciplinary action has been taken against the employee, and reports have been filed with the applicable professional licensing body.
• The Office of the Saskatchewan Information and Privacy Commissioner has been informed of the breach and has received a copy of the investigation report completed by PAPHR.
• eHealth Saskatchewan (the agency responsible for the eHR Viewer) and the Saskatchewan Ministry of Health have been notified.
• Increased monitoring and auditing of the eHR Viewer program is being implemented.
• An increase in employee education regarding HIPA and Electronic Health Records will be implemented.

“The audit we will implement will hopefully provide some confidence to our patients that we take this trust very seriously,” Hunt said. 

sstone@panow.com

On Twitter: @sarahstone84