Ontario hospital employee accesses PHI
An employee of North Bay Regional Health Centre in Ontario, Canada accessed without permission the personal health information (PHI) of thousands of patients.How many victims? 5,800.
What type of personal information? PHI for patients dating back to 2004, including names, addresses, diagnosis data, test results and prescribed drugs.
What happened? The breach was initially discovered during a privacy audit. Upon further investigation, it was determined that an unnamed employee inappropriately accessed information.
Details: Hospital officials believe the data was not shared with any other staff members or individuals outside of the hospital.
What was the response? Affected individuals were notified by letter. In light of the incident, the hospital has taken measures to improve protections for PHI and to provide additional education to employees regarding data security and privacy.
Additionally, the hospital implemented more rigorous audits to detect attempts of unauthorized access to health care data. The Ontario College of Nurses and Information and Privacy Commission of Ontario have been informed of the breach.
Source: North Bay Regional Health Centre in Ontario, news release, “Breach of Privacy Occurs at North Bay Regional Health Centre Affecting 5,800 Patients,” Sept. 6, 2011.
