Privacy breaches at St. Martha’s impact nearly 2,700
ANTIGONISH — Close to 2,700 people can expect to hear from Nova Scotia Health (NSH) after a hospital employee “inappropriately accessed” some or all of their private information – including MSI numbers, home addresses and even triage reports – almost a year ago.
“We’re spending a lot of time making sure we know exactly what was touched so that we can contact each of the 2,690 people to work through this with them,” NSH Chief Financial Officer and Vice-President of Corporate Services Derek Spinney told a news conference Apr. 19, explaining why the incident was coming to light months after it occurred.
According to the public service advisory issued earlier in the day, the breaches – which occurred at St. Martha’s Regional Hospital in Antigonish between May 25 and Sept. 30, 2023 – involved registration, demographic and clinical information.
“Some or all of it included names, addresses, emails, phone numbers, health card (MSI) numbers, emergency contacts, next of kin and primary care providers,” NSH spokesperson Brendan Elliot told The Journal in an email.
There were also “details [pertaining to] visits, such as date, location, triage (initial health assessment) details; reasons for visits and attending physician. Some medical records – such as lab test results, imaging results or clinical notes related to an emergency visit or inpatient stay – may have been accessed, depending on the patient.”
At the news conference, Spinney said he was “extremely disappointed that an employee of Nova Scotia Health would engage in activity of this nature. [We] will not tolerate any unauthorized access or snooping.”
Elliot confirmed that the individual – who had a “non-clinical role” and is thought to have acted alone – was suspended while the investigation was underway and later fired in November. The matter was referred to the RCMP, he said.
“Accessing patients’ personal health information for non-work reasons is an offence under the Personal Health Information Act that can result in a fine up to $10,000 and imprisonment for up six months for each breach.”
Despite the incident, Spinney said the system is safe, pointing out that NHS has more than four million registrants a year.
Added Elliot: “To have 2,690 patients affected by this breach would equate to just .0007 per cent of the registrations – whether they be for inpatient blood work, diagnostic imaging, etc. This isn’t to make light, but rather to provide some context.”
Moreover, he noted, “Nova Scotia Health reviews our privacy policies and processes regularly; we conduct audits and provide training on confidentiality and privacy for employees. Employees also sign a confidentiality pledge when they are hired as part of a commitment to protect privacy. NSH employees and physicians have access to only that information that is required for them to perform their duties. Access to records is monitored and audited and we are continually working to enhance and strengthen our protections and surveillance of access to records and will continue to seek out ever-evolving technology to prevent breaches.”
Regarding this particular breach, Elliot said NSH has notified the Office of the Information and Privacy Commissioner for Nova Scotia and “will work with the office on any recommendations it offers.”
St. Martha’s Regional Hospital – an acute care facility providing a range of primary and secondary services through inpatient, outpatient, and satellite services – supports residents from Antigonish, Guysborough, Inverness and Richmond counties.
Alec Bruce, Local Journalism Initiative Reporter, Guysborough Journal
