CORNER BROOK — Some 1,043 patients of Western Health will soon receive letters of apology telling them their privacy has been breached through access to their personal health records.
However, where and why that information was accessed is something the health authority is not releasing.
Susan Gillam, chief executive officer of Western Health, said Wednesday that a breach in privacy and confidentiality involving patient records was discovered in mid-May because of a complaint.
Gillam would not say if the complainant was one of the breached patients.
Following the discovery the health authority launched "a very extensive and thorough investigation."
That investigation looked at the access to patient records from June 2011 to May 2012 and culminated in the dismissal of an employee on Tuesday. At this time, Gillam said Western Health won't be pursuing a criminal charge against the individual.
All she would say about the employee is that the person was a clerk within Western Health. She declined to say where, or in what department the person worked and also could not say if the records accessed were isolated to one location, area or department.
What she did say is that the incident was deeply concerning for her.
"And I want to express a sincere apology to the patients of Western Health who've had their confidentiality, their privacy rather, breached in this manner," Gillam said.
Information contained in the records includes demographics, names, ages, addresses, next of kin and the reasons for visits to one of Western Health's facilities.
Gillam said the investigation was comprehensive and determined the breach occurred in 1,043 instances.
"We're certainly going to be very diligent in ensuring that we can contact as many of these individuals as possible," she said.
"Our priority is apologizing to the patients whose privacy has been breached and ensuring that we contact them and provide them with the information and also our apology."
The health authority has also informed the Office of the Information and Privacy Commissioner of the breach.
Gillam said privacy and confidentiality is something the health authority takes very seriously and has a number of mechanisms in place to determine if personal health information is being used accurately, including regular auditing, following up and investigating complaints and education for staff on privacy and confidentiality.
She said these are things the health authority will continue to do, but noted a new software package currently being installed will help in doing systematic audits of records.
“We are committed to continuing to safeguard the system,” said Gillam
She said Western Health employs 3,200 people and the vast majority of them work diligently and are committed to privacy and confidentiality.
Health Minister Susan Sullivan also offered her regrets.
“We’re always disappointed and concerned when we hear that there have been breaches of confidentiality and breaches of privacy within our health-care system. That’s my first reaction. My second is to assure the patients of Newfoundland and Labrador that this is something that we take very seriously,” said Sullivan.
This is not the first time in recent months that a provincial health authority has had to contact patients and tell them their private information has been improperly accessed.
Less than two weeks ago, Eastern Health announced that it had fired five employees for improperly accessing patient files.
Another confidentiality breach occurred in March when medical waste fell from the back of a transport truck and exposed patients’ personal information to the public. That incident was deemed accidental.
Despite these breaches, Sullivan said she stands by the health authorities’ record for patient confidentiality.
“We’ve had two major breaches of privacy — we have 21,000 staff within our health authorities. Certainly not systemic, not representative of the good quality work that all of our health care providers put in place,” she said.
If anyone has concerns about the privacy of their records, Gillam said they can contact Western Health’s privacy office.
What we don't know
Questions Western Health wouldn't or couldn't answer
— Where did the employee work?
— Was the breach isolated to one facility, area or department?
— Where are the patients from?
— Was the complaint made by one of the affected patients?
— Was a reason given for why the records were accessed?