THUNDER BAY – The regional hospital is welcoming proposed provincial legislation that would increase penalties for the leaking of confidential patient information.
Chisholm Pothier, the Thunder Bay Regional Health Sciences Centre’s vice-president of communication and engagement, said though mistakes can happen the hospital has appropriate measures already in place to protect patient privacy.
“It does happen and it’s definitely a concern to us when it does happen. We take all measures to rectify,” he said.
“We do take it seriously and I’m very confident in saying the people of Northwestern Ontario can be confident in the security of our system.”
Earlier this week Health Minister Eric Hoskins said he intends to introduce amendments to the Personal Health Information Protection Act when Queen’s Park sittings resume in the fall. His changes would make it mandatory to report all breaches to the Information and Privacy Commissioner, as well as increase the fines for illegally accessing records from $50,000 to $100,000 for individuals and from $250,000 to $500,000 for institutions.
Patient privacy has been an increasing concern after numerous incidents, such as employees at the Rouge Valley Centenary Hospital accessing medical records of new mothers to send to information to marketing firms as well as nurses improperly looking at the records of former Toronto mayor Rob Ford following his cancer diagnosis.
Thunder Bay has a recent history of privacy breaches. More than 500 people had their records improperly accessed between July 2012 and April 2013 after a hospital physician shared username and password information with another physician who did not have that authority.
In 2010 patient records from the former Port Arthur General Hospital were found blowing in the wind after its demolition.
While he did not have information about how often breaches occur at the regional hospital, Pothier said most are simple mistakes rather than intentional leaking.
“Most breaches of privacy are going to be inadvertent and accidental so we’re always going to look at those as learning opportunities,” Pothier said, adding both the individual and institution can make improvements when they do happen.
“There is a process we would follow. The breach would be identified, passed on to the relevant parties, the relevant parties would deal with the people involved in the breach and then recommendations and actions would be taken to improve the system.”
In the event of an intentional and malicious breach, the person responsible could face termination depending on the circumstances.
Pothier emphasized when any kind of breach happens, hospital staff make sure to resolve the issue in a transparent manner.
“If privacy was breached for an individual and they weren’t aware we would notify them in most cases,” he said. “We would bring them in on the discussion and make sure they were aware we have this situation and what we’re doing to rectify it.”
The proposed amendments were first brought forward in 2014 but were lost when the provincial election campaign dissolved the legislature.