Saskatchewan's Privacy Officer found that eight people inappropriately approached the electronic health records of 10 Humboldt Broncos members who were killed in a bus crash in April.
A collision between a bus on Juniper hockey team and a trailer in rural Saskatchewan country killed 16 people and injured 13 people.
"Due to the high-profile nature of the incident, eHealth Saskatchewan understood the risk of snooping," said Ronald Kruzeniski, director of information and privacy,
According to the report, the health authorities began monitoring the patient's profile three days after the accident, including laboratory results, drug information and chronic illness.
"Between April 9, 2018 and May 15, 2018, eHealth found that eight of the viewer users (principally doctors) had unauthorized access to ten patient profiles."
The report reported eHealth to the Privacy Commissioner on July 5.
The Privacy Officer was disappointed & # 39;
Kruzeniski said seven doctors and office managers were disappointed to see the record inappropriately.
"It was a big tragedy in our province, and people were tempted and disappointed," he told Canadian media. "Now that things are done, it's my job to work with others through education and legislative changes. [to] Activate the system. "
His report, which was posted online, explained the privacy violation in detail.
In one case, one medical staff member examined three people's health information related to the conflict.
The office manager admitted, "She saw the record because one of her family members said she wanted to check the information and the other person was a patient." [and] She wanted to see the details reported by the press on an individual. "
The report discontinued employees' access to eHealth and received additional training, but she then resigned from her job.
In another case, a doctor at the Humboldt clinic saw two people's records, including those who were patients before the crash.
"Dr. D wanted to know if an individual was injured or was injured if he or she died immediately." For another individual, Dr. D was concerned. "
Three first-aid doctors review patient records
The other case included three doctors who provided emergency care at Nipawin Hospital and reviewed patient records that were treated.
"They believed they were in their personal interests."
The Privacy Officer said doctors were no longer authorized to access records because the local Health Information Protection Act did not mention the medical profession.
Another example was that the medical staff could see information from three patients, which was not an acceptable reason but to close the case.
During the monitoring period, two other medical staff members surveyed the records of one of the people involved in the crash when they reviewed records of dozens of patients with certain diseases.
A monthly audit of your personal information is recommended.
In his report, Kruzeniski has written several recommendations for eHealth. This includes conducting periodic monthly audits of doctors who have improperly accessed information for the next three years.
Kruzeniski recommended that organizations comply with the need-to-know principle, not the circle-of-care concept, and develop a solution that allows system users to review the training on a regular basis.