Ontario hospital employee accesses PHI

Share this article:
An employee of North Bay Regional Health Centre in Ontario, Canada accessed without permission the personal health information (PHI) of thousands of patients.

How many victims? 5,800.

What type of personal information? PHI for patients dating back to 2004, including names, addresses, diagnosis data, test results and prescribed drugs.

What happened? The breach was initially discovered during a privacy audit. Upon further investigation, it was determined that an unnamed employee inappropriately accessed information.

Details: Hospital officials believe the data was not shared with any other staff members or individuals outside of the hospital.

What was the response? Affected individuals were notified by letter. In light of the incident, the hospital has taken measures to improve protections for PHI and to provide additional education to employees regarding data security and privacy.

Additionally, the hospital implemented more rigorous audits to detect attempts of unauthorized access to health care data. The Ontario College of Nurses and Information and Privacy Commission of Ontario have been informed of the breach.

Source: North Bay Regional Health Centre in Ontario, news release, “Breach of Privacy Occurs at North Bay Regional Health Centre Affecting 5,800 Patients,” Sept. 6, 2011.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.