There have been numerous high profile breaches of privacy in Ontario hospitals over the past couple of years. In one case, baby photographers paid for access to maternity wards at six GTA hospitals and were provided significant patient data including the mothers’ name, type of delivery, and child’s birth
date. In another, two hospital employees at Rouge Valley Centenary released the names, addresses, and phone numbers of over 8000 new mothers between 2009 and 2013 to a company that sells Registered Education Savings Plans. And in perhaps the most famous of recent privacy breaches, former Toronto Mayor Rob Ford’s medical records were accessed by unauthorized staff at Mount Sinai and Humber River Hospital after he was diagnosed for cancer last fall.
These cases were similar in that they were all ‘intended’ breaches – the people involved knew that what they were doing was against hospital privacy policies and legislation but did it anyway. For most Ontario physicians, however, it’s ‘unintended’ privacy breaches that are of a much greater – and growing – concern.
Consider the following:
- In Sept 2013 at an eye clinic connected with Toronto Western Hospital, unencrypted USB storage sticks containing personal health data of approximately 18000 patients went missing from the office. Data on the USB sticks included patients names, addresses, phone numbers, health card numbers, and OHIP billing codes.
- In June 2013, the office of an obstetrician was broken into and a laptop was stolen containing the names, addresses, health card numbers, and OHIP billing codes of her patients.
- In Feb 2015, patient records including names, dates of birth, and even test results were found strewn along the street in Richmond Hill. It’s not clear how the breach occurred, but it’s possible the confidential documents were thrown out with regular trash.
With privacy concerns about personal health information (PHI) growing in our province and among our clients, we will be posting a series of blogs about privacy and security. We will introduce PHIPA legislation, discuss what that legislation means for doctors and for JCL Medical, as well as provide some practical guidance to our clients about steps they can take so that the above breaches don’t happen to them.