A Pictou worker referred me to this incident:
This employee wondered, “where were the bosses on Saturday, August 24th when all this took place? In what other workplace could a strange person go in, go through charts, work as part of a team and no one ask any questions?”
How does that happen? How many workplaces allow strangers computer access? Let alone computers that give access to patient files? Medical files are about the most sacred information any of us have, and because of this breach the Pictou County Health Authority says no charges will be laid. Why not? It doesn’t matter that the person who broke into these files is, according to a release from the Authority, an ” unauthorized health care professional” who was on the premises for an unapproved purpose; that person knew or should have known they had no right to do this. Given that this violates privacy rights and other provincial regulations has the Authority the right not to lay charges? Isn’t this something for the police, Department of Health and Wellness, and Privacy Commissioner to determine? Should the public feel confident with an Authority that treats such security breaches in such a cavalier manner? Should we trust a system which allows a rogue professional to wander around accessing files they have no right to? And to what purpose was this done? By not laying charges are they protecting the health professional or the authority executives? They’re not protecting patients.
We have had cases elsewhere in province (two which come to mind occurred in Windsor) where authority employees not authorized to certain information have accessed patient files. How many more times does this/has this happened? Why? Is it prurient interest by nosey people or is there some other reason? If there are no consequences for this kind of violation, what’s to stop others from doing it? And how can any of us trust that our health records – or any other records – are truly private, respected and protected?
Traditionally, the executives of Nova Scotia’s health authorities have made a big deal about how they can’t release information because of privacy regulations, but that has been when it’s in their interest not to be transparent. This is another example of the uneven application of rules and regulations when it suits their purposes.
This time someone breached security to read 39 files. But what if they had altered files? If we are to believe the Authority people were spared harm only because a few finger movements weren’t completed.