There are 18 people in Saskatchewan who may never know that a doctor has snooped through their medical information.
Jocelyne Bierman only found out because she had some “red flags” come up in regard to her medical information. Bierman contacted E-Health for an audit to see who had accessed her info and it came back as Dr. Serhii Haidash.
“He’s not my family physician, I’ve never seen him in any health-related situation. There was no need for that person to have accessed my medical info,” said Bierman.
Bierman said knowing this stranger looked through her information made her feel extremely violated.
“It is private information. It is just not something I, personally, wanted to have out there – it’s just, it’s so private.”
Bierman took her complaint to the Ministry of Health, which did its own investigation. She said the ministry told her there were 18 other people whose information was looked up by Haidash.
Both Bierman and the ministry took that information to the College of Physicians and Surgeons of Saskatchewan.
It looked into the matter and found Haidash guilty of unprofessional conduct in November.
The decision said he looked up the personal health information of several people through the pharmaceutical information program without consent or a legitimate need to know the information.
The Regina Qu’Appelle Health Region said the breach did not occur within its system.
The penalty was a $2,400 fine to cover the cost of the investigation and hearing, and to take some training on confidentiality.
Neither the provincial government nor the Information and Privacy Commissioner would say whether they were investigating the breach.
Bierman said the guilty decision is good for her because she’s taking the case to civil court. However, she is concerned more than a dozen people have had their privacy breached and may never know.
Best practice guidelines set out by the province’s Information and Privacy Commissioner recommend victims of a breach be notified, but there is no provision in Saskatchewan’s Health Information Privacy Act (HIPA) to make it a legal requirement.
Tavengwa Runyowa is Bierman’s lawyer. He and Bierman are pushing for the law to be changed.
“Some people might not care (about a breach), some people might have things on their records that are really, really sensitive. So you can have a lot of differentiated impact out of sometimes the very same breach.”
Runyowa also believes there should be more education for medical professionals about privacy, as breaches aren’t always intentional.
“Snooping is pretty obvious, but there’s a lot of times where it might just be people not being careful, like giving more information to people who are not the primary patient than they should.”
The last time HIPA was amended was in 2015 when several offense provisions were updated, including those around snooping.
Saskatchewan’s Information and Privacy Commissioner, Ronald Kruzeniski, said snooping is still a big problem across Canada.
“People seem to snoop quite often and persistently and I don’t understand, with all the publicity, why employees in organizations still get tempted to do it.”
Kruzeniski doesn’t think the updated HIPA provisions have done much to curb snooping in Saskatchewan.
At the moment, Kruzenski’s office encourages every trustee to report breaches to victims.
His office has already put in a proposal to the provincial government to amend HIPA so breaches where there’s a significant risk of harm would have to be reported to the commissioner, the accused’s professional body, and the victim.
Kruzeniski is hoping changes to HIPA will be discussed in the next couple of years.