A nurse at Jim Pattison Children’s Hospital in Saskatoon, Canada, unlawfully accessed 314 patient records. The incident, which occurred between August and December 2021, was reported by Saskatchewan’s Information and Privacy Commissioner. The nurse, referred to as “Snooper,” accessed the records without any legitimate need, using an SHA laptop while on leave. The Saskatchewan Health Authority (SHA) discovered the breach and reported it to the Commissioner.
The accessed information included sensitive personal health data, such as names, contact details, and health card numbers. Six of the affected patients were co-workers of the nurse, and some records had confidentiality flags that required special clearance to view. The nurse admitted to unauthorized access and was terminated by the SHA. However, the College of Registered Nurses of Saskatchewan had not revoked the nurse’s license as of the report’s publication.
The SHA acted to contain the breach but faced criticism for inadequate and delayed notifications to the affected individuals. The Saskatchewan Information and Privacy Commissioner also criticized the SHA’s lack of a proper auditing policy for health information systems. The commissioner recommended that the SHA forward the investigation to the Ministry of Justice to assess whether charges should be laid under the Health Information Protection Act.
The report highlights the ongoing issue of snooping in healthcare and its impact on patient privacy. The Commissioner emphasized that protecting personal health information is crucial for maintaining trust in healthcare providers. If patients cannot trust that their data is secure, it could negatively affect the quality of care they receive.
Reference:
