Health records of 3,224 Red Deer hospital patients involved in privacy breach, health authority says

·2 min read
 AHS said the breaches took place over a two-year period and involved two clerical employees in the Red Deer Regional Hospital Centre's diagnostic imaging department.  (Cultura RF/Getty Images - image credit)
AHS said the breaches took place over a two-year period and involved two clerical employees in the Red Deer Regional Hospital Centre's diagnostic imaging department. (Cultura RF/Getty Images - image credit)

The electronic health records of 3,224 central Alberta patients were improperly accessed by two workers at the Red Deer hospital, an internal investigation by Alberta Health Services has revealed.

In a statement issued Tuesday, AHS said the breaches took place over a two-year period and involved two clerical employees in the Red Deer Regional Hospital Centre's diagnostic imaging department.

The AHS investigation concluded that one employee had improperly accessed the patient information of 3,147 patients between Oct. 2018 and Oct. 2020. The patient records of an additional 77 patients were accessed by a co-worker, AHS said.

Both clerical workers involved are no longer employed by AHS, the provincial health authority said.

The workers were looking through the files with no medical reason for doing so.

The majority of the records accessed were of emergency patients, coworkers and family members, and consisted of personal demographic information and clinical records, AHS said.

'A direct violation'

AHS said the patient care and the accuracy of patient records have not been affected.

Affected patients will be notified by mail. Notifications were sent on April 12, AHS said.

"AHS takes the privacy and confidentiality of patient information seriously, and non-work related access to patient records is a clear breach of confidentiality and a direct violation of privacy and information security policies," said Janice Stewart, Chief Zone Officer with AHS Central Zone in a statement.

"We understand that patients trust AHS to appropriately access and safeguard their health and personal information.

"AHS remains fully committed to ensuring safeguards are in place to build this trust by preventing inappropriate access, use or disclosure of patient information."

AHS says the breach was reported to Alberta Health and the Office of the Information and Privacy Commissioner of Alberta.

It has been mandatory to report such breaches to the privacy commissioner since Aug. 31, 2018, when the Alberta government brought in changes to the Health Information Act, which governs all health regulated health professionals.