Here's a long list of health privacy breaches in the N.W.T. - Action News
Home WebMail Tuesday, November 26, 2024, 05:02 AM | Calgary | -16.5°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
North

Here's a long list of health privacy breaches in the N.W.T.

Here's our comprehensive list of health privacy breaches in the Northwest Territories since 2010.

CBC has reported on 15 serious privacy breaches since 2010

The long, long list of health breaches in the N.W.T.

6 years ago
Duration 3:44
There have been at least 15 health breaches in the territory over the past eight years. CBC's John Last recounts them all.

Last week, CBC News reported that abox filled with hundreds of highly personal and fully intact health records some as much as 20 years old was discovered at adump in Fort Simpson, N.W.T.

It's the latest in a long list of health privacy breaches in the territory.

In the past eight years, CBC has reported15 serious privacy breaches in the Northwest Territories they range from losing private health data for 80 per cent of the territory to faxing personal test results to the CBC newsroom.

Here's alist of known health privacy breaches since 2010:

May-July 2010: Patient data faxed to CBC newsroom

A doctor.
Just in the past eight years, the CBC has reported on more than 15 serious privacy breaches in the N.W.T. from losing private health data for 80 per cent of the territory to faxing personal test results to the CBC newsroom. (iStock)

In the summer of 2010, a rash of errant faxes delivered highly personal medical forms and test results directly to the CBC newsroom.

It began in May, when a clinic in Norman Wells faxed the CBC blood test and Pap smear results intended for a medical centre in Old Crow, Yukon.

"It was a simple human error, a keypad transcription error, easily confused numbers," said Sahtu Health and Social Services Authority CEO Chad Fehr at the time.

In mid-June, the same number received patient files from health authorities in Yellowknife and Fort Smith.

CBC wrote again about the misdirected faxes when it received a fourth document in two months a patient's test results from Stanton Territorial Hospital.

"Unfortunately, once again, this was a human error and it was a prefix error," said then-Stanton CEO Kay Lewis.

In response, Stanton imposed a fax freeze and a "double-checking" policy that she said had a "significant impact upon operations."

But the improvements didn't last for long.

July 2012: Faulty faxing strikes again

Two years later to the month, the department was back in the news for faxing private medical documents to a room full of reporters.

This time, the documents came from a health centre in Fort Providence.

At least the territory wasn't alone just a few weeks later, the newsroom fax received a patient referral form from Kugluktuk, Nunavut.

April 2013: YHSSA, storing information incorrectly, violates patient privacy

Less than a year later, the Yellowknife Health and Social Services Authority (YHSSA) drew the ire of the territory's privacy commissioner for their data practices.

Highly personal medical forms and test results were faxed directly to the CBC newsroom in the summer of 2010. (CBC)

Elaine Keenan Bengts called out the authority for making highly personal patient data including counselling records available to all 150 employees.

Sensitive information like whether a patient had received an abortion or was seeking treatment for substance abuse would pop up whenever a patient's records were accessed even if it was just to book an appointment.

"Yellowknife is a small town and inevitably at least one of the 150 people who have access to the system is going to have some connection to each patient who walks in the door," said Bengts at the time.

According to the privacy commissioner's report, the YHSSA took the position that there was "implied consent which allows YHSSA to use the personal health information of patients for any health care purpose."

July 2014: Health cards mailed to the wrong addresses

It was an embarrassing day for the territorial department of health when a spreadsheet sorting error resulted in them mailing out 195health cards to the wrong addresses.

"There's actually not a lot of personal information on a health care card other than your name, your address and obviously your health card number," said Debbie DeLancey, deputy minister of health at the time.

The department reduced the number of people who work with health card files that contain personal data.

October 2014: YHSSA faxes psychiatric record to employer

A few months later, YHSSA was in the news again, this time for faxing a psychiatric record to a patient's employer without their consent.

"I just want people to feel, to understand that you can have confidence in the many steps that we have to ensure that we're managing privacy correctly," said YHSSA CEO Les Harrison.

"This does not mean we're not going to make mistakes."

November 2014: Doctor loses USB key with thousandsof patients' data

N.W.T. privacy commissioner Elaine Keenan Bengts sounded the alarm about improper data practices at the Yellowknife Health and Social Services Authority (YHSSA) in 2013. (Jane Sponagle/CBC)

Less than a month later, a doctor at Stanton Territorial Hospital lost a USB key with the private health information of more than 4,000 patients.

The doctor had accidentally copied the records while trying to select just 67 patients' information from a database.

The USB key was never encrypted.

"The loss of the USB was not intentional, clearly," said Brenda Fitzgerald, the hospital's CEO at the time.

"We take this responsibility to protect information very seriously."

The USB key was later recovered.

February 2016: Inuvik staff snoop on records

Less than six months after the territory passed its Health Information Act, staff at the Inuvik Regional Hospital were found to be improperly accessing patients' records"many hundreds of times," mostly during their off hours.

The health authority said 67 patients were impacted, and multiple staff implicated.

October 2017: Privacy breach at Hay River clinic

The next year, a clinic in Hay River had to notify patients their privacy had been violated after sharing "non-essential" information like addresses, phone numbers, and full names on referral forms.

The clinic had to refile dozens of referrals over the next few months.

June 2018: Laptop stolen with 80% of territory's health data

A doctor at Stanton Territorial Hospital lost a USB key containing health information for thousands of patients. (CBC Arts)

Earlier this year, a laptop containing the health records of more than 30,000 residents wasstolen from a parked car in Ottawa.

The data was on its way to a conference and the laptop was unencrypted. To date, the laptop has not been recovered.

"Any time you have a critical incident occur, you have to stop, take stock and assess are there things that we could and should be doing differently?" Mused deputy health minister Bruce Cooper in a briefing with reporters.

The government waited to notify the public for almost two months after the theft. So many patients were impacted the territory didn't even bother to notify individuals.

December 2018: Hundreds of patient records left at dump

Hands are seen typing on a keyboard
When a Department of Health laptop was stolen in Ottawa, 80 per cent of N.W.T. residents were affected. (Jonathan Hayward/Canadian Press)

CBC reported last week that hundreds of fully intact and highly personal health records were found at the Fort Simpson dump.

The documents included test results, referral forms for substance abuse treatment, and notes from one-on-one counselling sessions.

The documents have since been recovered by the health department and handed over to the privacy commissioner.

An investigation is ongoing.