Thousands of People Had Their Personal Health Info Accessed At St. Martha’s Hospital.
ANTIGONISH, N.S. – Nova Scotia Health is in the process of contacting 2,690 people by letter whose personal health information was inappropriately accessed by a former employee at St. Martha’s Regional Hospital. The person responsible for the breaches has been terminated.
Nova Scotia Health views this as a summary offence under the Personal Health Information Act and the RCMP are currently investigating.
All those affected will hear directly from Nova Scotia Health and we will be available to discuss the details of these breaches with them. The information accessed in this incident included registration, demographic, and clinical information.
While we maintain confidence in the ethical practices of employees throughout our organization, we are extremely disappointed that an employee of Nova Scotia Health would engage in activity of this nature.
Nova Scotia Health will not tolerate any unauthorized access or snooping. Any suspicion of inappropriate access will be fully investigated and we will pursue the full force of any and all penalties available to us against offenders without hesitation, including fines and jail time where possible.
Nova Scotia Health employees and physicians have access to only that information that is required for them to perform their duties. Access to records is monitored and audited and we are continually working to enhance and strengthen our protections and surveillance of access to records and will continue to seek out the ever more advanced technology to prevent breaches.
We have notified the Office of the Information and Privacy Commissioner for Nova Scotia and will work with the office on any recommendations they may offer as a result of these breaches.
Our organization takes several steps to ensure all employees understand appropriate access and their obligation to keep patient information confidential, as well as to monitor access and identify inappropriate activity.
These steps include:
- Criminal record checks
- Standard orientation for all new staff, including privacy training and compliance with Nova Scotia Health policies and procedures.
- Ongoing education for managers and front-line staff.
- Privacy and confidentiality training with the requirement for all Nova Scotia Health employees to complete and submit a signed pledge of confidentiality.
- Data Access Controls – only those requiring access to perform their job are granted access
- Continuous monitoring to detect unauthorized access attempts or suspicious activity.
Source : NSHA Release