An investigation by the Office of the Information and Privacy Commissioner released that Alberta Health Services breached the Health Information Act. 49 employees from the South Health Campus emergency department accessed a patient and her daughters health information without proper authorization to do so.
The patient had been flagged as confidential due to the specific circumstances of their admission to the emergency department. In total, 160 employees accessed the patients information for medical purposes, but 49 of them accessed the information outside their role of providing a health service.
The OIPC reviewed the purposes explained by the employees as to why they gained access, which included providing a health service, managing patient flow and curiosity. A large number of employees also claimed they didn’t remember why they looked at the information.
The OIPC found the reasons given by all of the employees did not justify gaining access because of their specific roles and responsibility, and timing of the accesses. The investigation also found that AHS didn’t implement sufficient safeguards to protect patient information, and that they didn’t ensure employees were aware of how to effectively protect information.
As a result of AHS’s insufficient training, 38 employees had all punishments rescinded and 11 had them reduced.