An Orillia hospital has caught four clerical employees peering into patient files.
Some 52 patients of Soldiers’ Memorial Hospital had their personal health information breached over the last five years, hospital spokesperson Terry Dyni confirmed Monday.
In the worst case, a clerk looked at 43 patient records.
“Curiosity was the reason. Through our investigation into this matter, (the hospital) is confident that the access information was not shared,” Dyni said.
All four privacy breaches were identified through routine hospital audits.
The hospital informed the Office of the Information and Privacy Commissioner of Ontario of the large breach, but not about the three smaller ones. Police were not informed of any.
“As it’s not mandatory to notify the (privacy commissioner) of all breaches, hospitals have to make a judgment call as to when it is appropriate to notify. The tendency moving forward will be to notify more often than not, and we are currently addressing that in our policy that’s under revision,” Dyni said.
Curiosity was also the reason behind the three smaller breaches, and there is no suggestion information was disclosed to anyone in those cases, he said.
All four employees have been disciplined. Dyni said he was not at liberty to discuss specifics of the disciplinary action, but noted that three of the clerks are no longer working at the hospital.
The fourth is being “monitored closely,” he said.
In two of the smaller cases, clerks snooped into the files of four patients, including ones they were related to. All affected patients have been informed.
Dyni said the hospital is taking steps to help prevent privacy breaches in future. It is bringing in a new electronic medical record system this year, which has better controls on patient access. In addition to providing new employees with privacy training, workers are also receiving mandatory annual training.
“(The hospital) takes patient privacy very seriously. We are committed to (the) Personal Health Information Protection Act and will do everything we can to ensure patient information is protected,” he said.
This is the latest case of a hospital privacy breach found by the Star. The problem appears widespread. Other hospitals that have found employees violating patient confidentiality include the University Health Network, Centre for Addiction and Mental Health, Trillium Health Centre, Humber River Hospital, Mount Sinai Hospital and the Rouge Valley Health System.