Manitoba Health, Seniors and Active Living (MHSAL) has reported that a former health department employee inappropriately accessed the personal health information of 197 people, including names, addresses and dates of birth.
MHSAL said on Monday that an internal investigation revealed the breach. The former employee did not have access to personal health information in provincial databases that would include physician visits, diagnoses, medical billings, prescription drug records or hospitalizations, MHSAL added in a statement.
Not all provincial department employees have access to personal health information, the department noted. Under the Personal Health Information Act (PHIA) and the department’s related policies and procedures, “employees are only authorized to access information if it is necessary to carry out their defined responsibilities and work requirements.”
“While the potential for further misuse of the information is low, the department takes the privacy and confidentiality of personal health information very seriously and is directly contacting affected individuals,” MHSAL said, adding that if other individuals are identified, they will be notified. “The department apologizes for this incident and is continuing to provide ongoing training to staff to ensure they are aware of their responsibilities to maintain the privacy of personal health information.”
PHIA was enacted in 1997 to ensure an individual’s access to their personal health information and the privacy of personal health information maintained by healthcare providers and facilities, government and other public bodies. The legislation makes it an offence for an employee or trustee to use, gain access to or attempt to gain access to another person’s personal health information.
The department has also notified the Manitoba Ombudsman’s office about the breach.