Heartland Health Region employee fired after accessing 900 patient charts

An employee of the Heartland Health Region has been fired after inappropriately accessing about 900 patient charts over 14 months.
 
A privacy breach was reported back in July. All affected patients have been notified via a letter.
 
The Heartland Health Region is west of Saskatoon in the Kindersley area.

“The privacy of personal health information is something we take very seriously and we extend our sincere apologies to those patients affected by this breach,” Greg Cummings, president and CEO of the Heartland Region, said in a media release.

The health region said the employee has been terminated and their professional association has been notified. The privacy commissioner, the ministry of health and eHealth Saskatchewan have been notified as well.

The health region said it will review and limit access to make sure people’s personal information remains secure and safe. They will review their internal approval and authorization process when new electronic systems are implemented and review their existing provincial privacy impact assessments.

In addition, the health region will develop a process to regularly audit and monitor all electronic systems. They will review staff education related to confidentiality, privacy and protection of personal health information.

Earlier this year, the Saskatoon Health Region found an employee snooping her own medical records and the records of five other patients for no reason. The health region said the employee claimed she was bored and curious when the breach happened.

The privacy commissioner challenged the health region to disclose the name and punishment received by the employee.

Health region CEO Dan Florizone said the person had been disciplined but her name and degree of punishment would not be released.