Skip to content
Join our Newsletter

2 health workers fired in breach that included high-profile people

Island Health is notifying patients affected by its largest privacy breach of medical records, in which two non-clinical support staff snooped through the files of 198 family, friends and prominent people.
Hospital computer screen generic photo

Island Health is notifying patients affected by its largest privacy breach of medical records, in which two non-clinical support staff snooped through the files of 198 family, friends and prominent people.

“Let me first say to the patients’ whose privacy was compromised, how deeply sorry I am on behalf of Island Health,” said Kathy MacNeil, Island Health’s executive vice-president of quality, safety and experience.

“We are profoundly disappointed that the actions of these two individuals violate the values and high ethical standards we all strive for at Island Health.”

The privacy breaches were discovered in early April as part of a routine audit that looks for suspicious patterns. The employees’ access privileges were immediately revoked and the B.C. Office of the Information and Privacy Commissioner was notified.

A team of Island Health investigators reviewed information dating from January 2015. They found two Victoria-based support employees — working in different locations but with the same job classification — looked through the records of 198 patients.

The employees were fired.

The patients all used Island Health facilities. Some live outside the health authority’s region, but all live within Canada.

More patient files might have been breached, but Island Health determined it was unreasonable with regard to time and money to search back further. The two support staff had been employed since 2012 and 2013.

The employees used their access privileges to search the electronic health records of a broad range of people including family, friends, co-workers and high-profile people, MacNeil said.

The health authority would not elaborate on what information the workers saw. Citing privacy reasons, the health authority would not identify the employees.

The degree of access an Island Health employee has to a patient file depends on their job function.

Some support staff have limited access to patient demographics, for instance, while the two employees who breached patient files had “a fair amount of access,” MacNeil said.

Under their employment terms, Island Health staff are allowed access to the records only of patients in their care or for work-related reasons.

This is the third privacy breach of this nature in two years, bringing the total to 349 patient files breached since 2014.

Island Health rejects the notion there is a “culture” of snooping among employees.

There is extensive, ongoing education and awareness for staff and physicians, and all know that unauthorized access to patient files is wrong, said the health authority.

If an employee with access privileges wants to snoop, it would be hard to stop them, MacNeil acknowledged. “At the end of the day, the choice is one that we make as human beings — despite all of what we know to be right and wrong.” MacNeil said.

“Thankfully, at the end of the day, the large, large majority of our people make the right choice and it’s just really, really unfortunate that two people had the ability to have this kind of impact for 198 people.”

The health authority employs more than 18,000 people.

The office of B.C. privacy commissioner Elizabeth Denham said it is working with Island Health to help prevent such breaches from happening.

About 85 per cent of the 198 patients have been contacted by phone or letter in the past three weeks.

Their reactions have ranged from moderate to “very much upset,” MacNeil said.

A long-term Central Vancouver Island health professional was fired in April last year for looking at electronic records, between January and November 2014, of 39 patients, including family, friends and co-workers.

In a case uncovered in October 2014, two nurses, each aware of what the other was doing, were fired for viewing the electronic files of 112 family, friends and co-workers between January 2012 and October 2014.

ceharnett@timescolonist.com