The following statement is provided by Nancy Martin-Ronson, VP, Chief Information Officer and Chief Nursing Officer, in response to an article which appeared in the Toronto Star on January 17, 2015, and to further questions which have been asked by the media about the privacy breach detailed in that article.
In the case identified by the Toronto Star reporter, questions have been asked about the privacy breach which involved records for abortion services. This breach involved records for abortion services performed at the hospital between June 3, 2010 and Mar 24, 2011. Patients who had abortion services between those dates may have been affected by the breach. No patient who had abortion services before June 3, 2010 or after March 24, 2011 was affected.
Any patient who has concerns or wishes to inquire about access to their personal health information during this time frame is invited to contact the hospital’s Privacy Officer at 705-876-5151.
The individual identified by the Toronto Star, Dawn DeCiccio, previously held the position of health information clerk at the hospital. As soon as the hospital learned of the potential breach, the employee’s hospital system access was promptly suspended. In the course of the investigation, the employee assured the hospital that she had not disclosed or shared patient personal health information with anyone else. A search of the employee’s work computer and e-mail did not reveal any evidence of personal health information having been disclosed.
The hospital reported the breach, and the steps that it took once it discovered the breach, to the Information and Privacy Commissioner in May 2011.
Peterborough Regional Health Centre (PRHC) has a zero tolerance policy with respect to inappropriate access to medical records. The standard is not negotiable and is strongly and frequently communicated to all levels of the organization. Employees found in breach of our standards can be terminated from the hospital. Reports can also be made to their professional colleges.
Questions have been asked about the screening of employees for personal beliefs, including anti-abortion beliefs. PRHC does not screen or discriminate against employees for their personal or religious beliefs. All employees are trained on the requirements of patient privacy law. Employees are prohibited from accessing patient personal health information except to the extent required to carry out their work.
The hospital strives to be transparent and accountable wherever possible. That being said, protecting and respecting the privacy of our patients is of paramount priority to PRHC, particularly when sensitive patient details are at risk of being brought forward into a public forum. Information about abortion services is expressly excluded from freedom of information legislation because of the sensitivities and risks associated with these services.
The hospital is not able to comment further as this matter is in litigation before the courts.
The hospital, however, repeats the statement above that any patient with any question about access to their own personal health information is invited to contact the Privacy Officer at 705-876-5151.