Breach of privacy leaves patient's family distraughtSaturday, May 03, 2014 by: Darren Taylor
A Sault Ste. Marie woman is angry, emotionally distraught and considering legal action over the fact her mother’s medical records were inappropriately accessed by an employee of Sault Area Hospital (SAH).
The woman, who prefers to remain anonymous, has told SooToday.com a letter she received from Sonia Tassone, freedom of information and privacy coordinator at SAH, dated April 2, 2014, informs her that a March 31, 2014 audit of the hospital’s MediTech system shows her mother’s files were inappropriately accessed by an SAH employee.
A follow up letter, dated April 23, 2014, tells the woman her mother’s medical records were accessed March 22, 2010, one full year after her mother passed away in March 2009.
The letter informs her that this was done “outside the scope of the employee’s regular duties or job functions.”
The letter states information in regards to the patient’s recent and past visits to SAH, name, date of birth, address, telephone number and Ontario health card number were inappropriately checked.
SAH announced in mid-April an employee had committed 144 inappropriate cases of accessing patient files using the MediTech system, dating back to 2008.
Many SAH staff, such as doctors, nurses, lab technicians and others, have access to medical records but access is restricted to those staff members directly involved in a particular patient’s case.
Letters were sent out from SAH to patients advising them of the breach, informing them that the SAH staff member involved (who has not been identified by SAH) has been fired, and that there was no reason to believe personal information had been shared.
The woman, as next of kin, who spoke to SooToday.com, showed us the original letter dated April 2, 2014, which states “We have no reason to believe the documentation pertaining to you (or, in this case, the individual’s mother) was used or reproduced and do not believe there will be any harm or impact to you.”
Ron Gagnon, SAH president and CEO, told us “it is a breach of “confidentiality, which is a non-starter in this organization.”
“Based on the extent of our review we’re confident” the information has not been passed on, Gagnon said.
“We do many things to educate and keep our staff informed, anybody who works here what is required (in regards to confidentiality)… it’s one of our key promises to our patients and we’re going to always, always, always act swiftly and take the same type of action that we took (dismissing an employee who violates confidentiality rules).”
The fired SAH employee is appealing the termination of employment.
Meanwhile, the woman who contacted us said “I was upset when I read the letter.”
The woman remains concerned her mother’s information may have been passed on and shared with others.
“The more I thought about it, I started wondering if people have accessed her information and what they’re doing with it,” she said.
“Can’t health card numbers be copied down by pen and paper…I don’t see where the hospital’s confidence is.”
“I find it flippant and insulting for the hospital to say the employee was being nosy…how do they know for certain the employee was just being nosy (and did not pass the information along)?”
“What was the motivation (of the SAH employee) to do this?”
“My mother had cancer twice and beat it and she died from ALS which is a horrible disease…she’s now in her grave, she should be left alone,” the woman said.
“She was an extremely private person and I don’t think she would have appreciated this.”
Ottawa-based lawyer Michael Crystal is currently working on a $5 million class action lawsuit against the Peterborough Regional Health Centre concerning privacy breaches.
Crystal has been contacted by people affected by the SAH privacy breach and is inviting those affected to contact him at 613-794-1312 or 1-855-594-5490.
The woman we spoke to told us she has contacted Crystal, who will be visiting Sault Ste. Marie and holding an information meeting for those affected by the SAH privacy breach four to six weeks from now.
“We’ll hear what he has to say and decide from there what we want to do…I’ll go to the meeting and see what the lawyer has to say,” she said.
SuzyyQ 5/3/2014 7:07:43 PM Report
I fully support this woman and feel she should pursue legal action. Privacy breach is unacceptable ! I personally had an experience with privacy breach here locally at the Service Ontario office on Queen when I went to renew my health card. I was never receiving the card and when I inquired about the delay, I was told by more than one clerk that it was mailed out and that I had gone in to change my phone number, which would have caused the delay. I pleaded with the clerks that they were mistaken; and that I had NOT gone in to make a phone number change. They maintained they were right, I was wrong, and I'm like, are you f**** kidding me? I've had the same address/phone number for over 20 yrs. I ultimately phoned the head office and the person I dealt with investigated and discovered it was a pricacy breach; my health card information had gone out to someone else, who, I have no idea, but nevertheless, someone got ahold of my information. The end result was that the clerks at that Ontario office location were going to be "talked to" so to avoid another repeat of the mistake.
rider_ 5/3/2014 7:47:46 PM Report
privacy is dead
suck it up, buttercup
young guy 5/3/2014 8:10:44 PM Report
There is a point to this right?
Why would anybody care if someone checked your medical records? Well, unless you had hemmoroids or something..
Otherwise, what exactly do you think somebody would do with that information to cause you harm?? The woman is dead.
Maybe the doctor was good friends with her and wanted to see how she was doing. Perhaps he treated her in the past and was concerned about her. Otherwise, what do you think the doctor would do with that information? Steal her identity?? Yeah, right..
SuzyyQ 5/3/2014 8:15:38 PM Report
@young guy, where in the story does it say it was a doctor who accessed the files??? It says SAH employee, unless you know the actual identity of this employee?
Dixiepup 5/3/2014 8:17:18 PM Report
While I agree that confidentiality is a priority, the fact that a law suit is being considered is ridiculous. If the woman was alive and doing it herself is one thing, but for a family member to undertake one is , in my opinion, an opportunistic act.
SuzyyQ 5/3/2014 8:22:12 PM Report
@Dixicup, I respectfully disagree with your statement. Someone needs to act for the deceased. If the family feels their concern is justified, then that is their business.
Sammy1099 5/3/2014 8:47:32 PM Report
It wasn’t a Doctor, it was an employee.
She also accessed then not once but over 100 times when she wasn’t supposed to. Why would she do that? What is she a gossip, trying to get dirt on someone for extortion or just nosy?
A lot of personnel information is kept in those files and yes there is sufficient info to steal your identity. The records are supposed to be kept secure for a reason.
I suppose you are the same clowns who would run around with flash drives in your pockets with a million people’s tax returns. You’re probably also the same idiots who supported Toews warrantless searches.
I hope she sues the SAH and the person who commited the act.
Sam C 5/3/2014 9:18:36 PM Report
young guy... it's called "identity theft." The employee might have just been "nosy," or could have been looking for identities to steal.
Gurpy 5/3/2014 9:25:39 PM Report
I had an unsettled feeling about the service Ontario on more than one occasion. I believe these employees should have experienced more than a "talking to". Lots of free info. floating around this city by people who are suppose to be "confidential" or "professional". Nowadays, watch who you trust!
vlr 5/3/2014 10:14:29 PM Report
The daughter states that her mother was a private person. Perhaps the daughter shouldn't be telling Sootoday about the incident. Perhaps her mother wouldn't like that either.
kamen 5/3/2014 10:23:23 PM Report
I hope this woman wins her lawsuit. I wouldn't want people accessing my dead relatives records without my consent. What was the purpose of doing this? By the way did you know that all photocopiers made after 2000 have harddrives and everything that is emailed, faxed or scanned by them is held by the hard drive? So if the SAH has any of our information on their photocopier and they sell it or give it away without demolishing the photocopier hard drive whoever buys it can have access to all your information if it was scanned, etc by said copier.
Entitledtomyopinion 5/4/2014 12:50:01 AM Report
I have received a letter as well saying I was affected my this breach.
Pakadeva 5/4/2014 2:05:45 AM Report
Class action suite by all involved...over 100 times is VERY intentional & very troubling to family I would think. If it was an accident, searching for other information, that's different, I would definitely sue as well! If someone spent many times looking over my Mother's information after she spent time there, I would be troubled about it as well.
LilPup 5/4/2014 2:30:43 AM Report
For what the hospital pays their employees, they should expect some professionalism. Even if it was just a matter of a nosy employee, the idea of someone giggling over hundreds of medical records while being paid by the hour on the taxpayers dime is disturbing. The hospital was right to fire them, and they deserve any lawsuit filed as well.
fullstringer 5/4/2014 2:48:04 AM Report
So let me get this straight? Your mom had an ingrown toenail on her left foot? And was suffering from depression? She, sadly passed away (we all do at some point in time?)and now you want a bunch of money from the hospital because you think you have been victomized and deserve it. Of course you will put that money to good use (charity comes to mind? perhaps a donation to the hospital?) and not be booking a trip to the Bahamas as a relaxant to your stress?
young guy 5/4/2014 4:28:12 AM Report
Well, if it was a SAH employee, then I guess it could have been a doctor, a nurse, a social worker, a psychiatrist, a nurse practitioner, a psychologist, a surgeon, etc, etc..
Sorry if I assumed it was a doctor......
How do you know that it wasn't a doctor? What makes you so sure of that? Whoever you think it is, I am quite sure that they aren't running around with your tax return on their flash drive. Perhaps you should pay a visit to a social worker or something.
Like I said before, 'the woman is dead'... It would not be very hard to track the employee down if her intentions were fraudulent. That is quite obvious.
I personally didn't know that this woman was suffering from cancer and not sure why that her daughter is disclosing her deceased mothers medical information publicly whilst being distraught over a medical employee looking over them. I personally would 'want' them looking over mine. What else do I pay them so much money for?
Boomer4771 5/4/2014 6:48:26 AM Report
This is stupid. there should be no lawsuit. Just another scheme to try and get a big payoff.
Sammy1099 5/4/2014 6:59:45 AM Report
Not the sharpest tack in the box are you? If it was a Doctor he would have to access records wouldn’t he? However if accessing the records was out of his scope then yes he should be investigated.
Why do you think logs are kept of people who access this information? Why do you think access to this information is supposed to be restricted? First and foremost there is this thing called “Doctor patient confidentiality” second the potential for abuse, idiots stealing identities, using it for personnel attacks and using it for financial gain. You don’t recall the cop who was using the police DB to get dirt on her ex for example.
Your nonchalant attitude towards private information is telling.The potential is always there to abuse. Your inability to comprehend this indicates to me you should see a councillor or at the very least educate yourself.
AlwaysAWinner 5/4/2014 7:50:09 AM Report
oh man this woman is clearly suing for the money, there's no real issue here
any information anywhere is subject to this kind of thing. any company with your information can run into an employee accessing stuff without permission, with someone else' credentials or maliciously
her info wasn't access over 100 times, that person access information over 100 times, in GENERAL. not hers specifically, no where did it say hers was accessed over 100 times.
there's no news of anyone else' information being USED AT ALL. they didn't post it on the internet or give it out, all that occurred was he/she accessed it without permission.
everyone here is being completely over dramatic and ridiculous
“My mother had cancer twice and beat it and she died from ALS which is a horrible disease…she’s now in her grave, she should be left alone,” the woman said.
“She was an extremely private person and I don’t think she would have appreciated this.”
stop trying to be a victim, jesus you have no proof anything was done with this information.
seriously this screams of boo-hoo i can use this made up problem and cash in.
the employee that was terminated is making an appeal for the termination, probably because this woman tried tooth and nail to get this person fired. these people are likely nobodies and even if they're information was put out, no one would care
seriously I bet you could throw it front page news on sault star and no one would honestly give it more than two seconds of thought
guess what, probably 30+ people look at your health information, all you know is someone accessed it without permission. it was "inappropriately checked", not "released to the public".
Frio 5/4/2014 9:13:32 AM Report
I would think a wakeup call is in the fact that the breach took place 4 years ago and the hospital audit of its medical records only picks it up now and affected patients are informed. What kind of oversight of the medical records for unauthorized access is that?
ducky58 5/4/2014 10:07:36 AM Report
A lot of you people that don't care how this women feels would surely feel violated if it were you. What if that person who had that information were to take out a loan or credit card in your name and left you with huge amount of debt. Then how would you feel about your private information being look at. I'll bet you sure wouldn't be so quick to talk.
thomas 5/4/2014 10:07:55 AM Report
I agree with AlwaysAWinner. This daughter is in this for the money, and nothing else.
If it was bank accounts that were accessed, then that is a different story, but this is just medical records of a deceased person (in this one case).
Corr 5/4/2014 10:22:42 AM Report
It was one of the cleaners, they surely can't be trusted.
thomas 5/4/2014 10:30:53 AM Report
Well the cleaner I observed when my son spent a day in emerge sure couldn't be trusted to do a good job cleaning. What a joke! She just pushed the dirt around with a big honking dry mop, and left it in other places.
bocca1 5/4/2014 11:05:46 AM Report
There is no system anymore that can't be accessed or hacked into if someone is determined to do it. That is the cost of computerization. The issue here is that this woman had died, therefore any info that was gained is not going to be of much benefit. Also if the mother was a very private person her daughter violated her privacy by telling the world she had cancer twice and then ALS. The hospital, or any institution, cannot make sure that records will NEVER be accessed. Even the Pentagon has been accessed. It is the new way of the digital world. Every lawsuit by so-called "traumatised" people who sue for big bucks takes more money out of the already cash strapped system. Would this deceased woman want money taken away from medical institutions which would mean other sick people would have less services available to them? This is a cash grab that is so prevalent in our new "sue everyone for easy cash" society.
jmizair 5/4/2014 11:24:38 AM Report
I agree..... a lawsuit is unjustified and there is no evidence of any significant impact or lack of accountability done by SAH.
The hospital did the right thing by disciplining the employee which went against policy and procedures.
It appears that this employee was just nosey and searched people which she didn't have direct reason to do so....pertaining to her role.
tan21 5/4/2014 1:01:31 PM Report
Before u open u mouth again and let stupid out just to let you know only certain staff have access to meditech ...ie.. nurses,doctors, clerical staff etc but hey watch those cleaners bahahaha
asp 5/4/2014 1:34:53 PM Report
The hospital is very careless in alot of ways, I think the person who did this, name should be released to the media so other Nursing facilities don't hire them. All health care facilities are careless, my mother is in a local nursing home and a nurse taking care of her gave her the wrong medication too which my mother had a reaction. How careless. I fully support this family in the pursuit of legal action towards the hospital. I hope you were able to get the names other that this happened too (pull together)sue that hospital
danafaze 5/4/2014 1:35:35 PM Report
ok people, that's it. forget the anonymity issue. for those of you who CAN read, I never once said I was going to pursue this. I said I would attend a meeting regarding this issue. I WAS distraught to see someone had viewed my mother's records. and for the record, she was an MRI technologist. I saw no apology from the hospital in the article I read, and felt all victims were due one. I also was bothered when I read that her intent was to be nosy. prior to this, I was upset by the breach, but willing to move on and forget about it. I contacted the lawyer mentioned, and learned that I was able to request a record of times and data viewed by this employee with regard to my mother. I was also upset to read that this employee was appealing her dismissal. clearly, she did something wrong.
as for my mother's private nature, I will state OUT LOUD, that she raised 2 children on her own, cared for her parents, beat cancer twice, and succumbed to the wrath of ALS. she was a beautiful generous person, and I was blessed to have her for a mother. I have NO intent to sue, and that was never stated in the article. my point was, that my mother, in her grave, has a right to privacy and respect. this woman viewed my mother's information, one year after her death, and looked at her file over a period of a couple of hours, and viewed 10 separate things. this is offensive to me. and mostly, I just want, and have a right to know what her motivation was. WHY? I will attend a walk for ALS in june. and my mother's memory lives on in many who loved her. but, being private, her information has no place in the hands of some nosy employee. I am grateful to the lawyer as he informed me of my rights. I am not looking for cash!! more answers...
what I meant by my comments was, that she suffered enough. let her rest in peace. anyone who has lost a parent can surely empathize that this was offensive to me and my family. I can speak of my mom if I choose. however, her history at the hospital was NOT this woman's business. those of you with a heart and a brain will understand. let it be.
danafaze 5/4/2014 2:26:08 PM Report
in closing, and for the record people, I stated to the reporter that I would attend the meeting to acquire information, which is my right. too often victims are blamed over perpetrators. carry on sault ste. marie.
Gurpy 5/4/2014 2:30:29 PM Report
SUE THEM!!! Good for you for honoring your mom even though she is no longer with us. Do not let the hospital get away with this! Pay no attention to some of the mindless, heartless twits you`ve encountered on sootoday! Let them have it!!
Stan12 5/4/2014 3:55:28 PM Report
Just who is this person that broke the privacy rules?? Why is their name not made public??
Gurpy 5/4/2014 3:57:55 PM Report
People in this city never cease to amaze me! Not one shred of compassion for that poor woman! All these accusations of her intentions being motivated by money only! Shame on all of you! you`ve given an entirely different meaning to the word SLIME!
Gurpy 5/4/2014 3:59:42 PM Report
In our sick and twisted society, law breakers are PROTECTED while the victims continue to be victimized! That is why the name is not published.
Stan12 5/4/2014 4:10:58 PM Report
Someone committed identity theft and stole personal health records, therefore the victim's family can and should take legal action against the hospital. The hospital in their letter to the victim claim that the information was not passed on. Oh? Really? How do they know that...on the word of the perpetrator?? What happens 6, 10 months from now when the victim's family finds out that the information WAS indeed passed on or sold?? Those who say the victim is deceased so it's no big deal...really?? So I guess it's ok to steal from a person's estate once they are deceased. Identity theft and theft of personal information is theft whether the victim is alive or deceased! The victim's family has every right to persue legal action here and I hope they do and are appropriately compensated.
danafaze 5/4/2014 4:41:24 PM Report
as I've been told by the hospital, her name has been released to the victims, but not the public. we are allowed to do with that information as we choose. as I am not a vengeful person, I have not released her name here. however, identity theft..or..another nosy parker in sault ste. marie..whatever her reason, I would like to know what it was. but, rather than admitting guilt, she is appealing the decision. this is where I get angry. thank you commenters for your support.
superior87 5/4/2014 5:15:30 PM Report
Oh look it's Gurpy spewing nonsense again. Never backs anything up, just a conspiracy theorist.
MYPOINT 5/4/2014 5:57:31 PM Report
is as follows ...
Regardless of the reasons the fired employee ( F ) viewed these records, the simple fact is that ' F ' did NOT have the right to do so when they were not 'directly' involved in the care being received by the patient. Period. The number of times he or she viewed these 'confidential' files is also not very relevant because to do so even once is a violation of privacy!! It also does not matter if 'F ' was a floor cleaner, a porter, a nurse, a doctor or any of the other people employed by SAH. The job description is NOT the problem, the fact that ' F ' viewed files that they had NO right to view IS the problem! Obviously it may take many years to learn if someone actually benefitted from this information although I do think that is very unlikely under the circumstances.
Now I realize that there are some who think this family member is merely out to make some money. I do NOT believe this is the case however. I think all of us would be extremely upset if any of our personal medical information was viewed by someone who had no right to do so. I further think that all of us would be even more upset if it took the SAH a very long time ( years ) to learn of this breach of privacy before they disclosed same.
I do not know what the security measures are at the SAH when it comes to certain staff having access to confidential information but I do know that nurses have very strict rules that they must adhere to at all times. These rules do not just come from the SAH, they also come from the College of Nurses of Ontario ( CNO ) which is the body that licenses nurses in this Province. This means that IF ' F ' was a nurse, it would not matter if the hospital fired them or not because the CNO would conduct an investigation and the nurse would most likely lose his or her licence to practice nursing in this Province if they were found guilty of violating the privacy rules. Obviously this means that they would lose their job at SAH regardless.
I think that those on here who have posted that this lady is just out to try and get money are treating her unjustly because nobody on here is 100% sure that this lady is a crook or whatever. Believe it or not, in this Country people are still considered innocent until proven guilty and there is nobody posting anything on here who can prove that she is guilty of anything. This is not to say that she is not doing exactly this however but since I have no idea one way or the other, I shall refrain from making accusations against someone I do not know.
To the lady in question in the article I would like to state that I understand your deep frustration with the way SAH handled this entire situation and I do sincerely hope that no personal information of any kind relating to your Mother was leaked out to anyone who had no right to know this information.
As always, your views may differ :)
Gurpy 5/4/2014 6:20:13 PM Report
ATTENTION SOOTODAY. I`m being bullied by superior8. Please pull their post and stop them from posting again.
Gurpy 5/4/2014 6:21:38 PM Report
SOOTODAY- I would like superior8 information so I can effectively deal with this matter.
Gurpy 5/4/2014 6:23:10 PM Report
Ooops should read superior 87.
SuzyyQ 5/4/2014 6:47:54 PM Report
Ron Gagnon gets paid BIG BUCKS and for this breach of privacy to have happened on his watch is unacceptable! Although off topic here, but can someone please enlighten me as to whether Ron Gagon's salary is warranted ??? $300,000. ???? Seriously???
Blondie11 5/4/2014 7:31:06 PM Report
I know exactly how this woman feels. The same thing happened to my daughter two years ago. It was very upsetting to the both of us and it was also dismissed as no big deal. A person's privacy whether they are dead or alive is just that PRIVATE!! You might think twice about it,especially if it were to happen to you! :(
jonesur 5/4/2014 8:04:03 PM Report
So the daily bloggers wonder why the comment section of some stories on this site are disabled?
Read no further than many of the previous posts from this story. Nowhere does it state that the patients' child is "going" to sue SAH, yet too many assume he/she is a gold digger looking for paydirt. Beyond that, too many seem to have expertise into a situation for which you have NO evidence of right or wrong.
The facts are, "Someone in the employ of SAH breached their confidentiality oath and have been terminated. Families have been notified of the indiscretion and are understandably upset. Some of these family members are seeking explanation in the hope that it does not happen again. That's all!
If the threat of a lawsuit can persuade our government, and their charges of better diligence, then so be it.
In the meantime, I would urge all you basement dwelling experts to MYOB.
Sammy1099 5/4/2014 8:18:18 PM Report
God what a bunch of half-wits. I guess by some of the logic displayed on this board we shouldn't bother hiding our ATM,Bank website etc passwords. After all anything is hackable.
I suppose some of you dumb asses outsource your taxes to an accountant in China? Hey why not we have no privacy anyway.
I'll keep it real simple she broke the contract with her employer and was terminated.
Jimssm 5/5/2014 7:06:08 AM Report
"By the way did you know that all photocopiers made after 2000 have harddrives and everything that is emailed, faxed or scanned by them is held by the hard drive? So if the SAH has any of our information on their photocopier and they sell it or give it away without demolishing the photocopier hard drive whoever buys it can have access to all your information if it was scanned, etc by said copier"
This is no longer true, at least with respect to Health care and government installations.
Not only is all data erased on the hard drive after each job, what is on there is encrypted. As well, the hard drive must be surrendered to the government/hospital when the copier is removed.