Threats on personal health information

admin
March 23, 2011

A recent HIPAA violation in Canada, where an imaging technician accessed the medical records of her ex-husband’s girlfriend, comes as no surprise to me. Data leakage of ePHI in hospitals is rampant simply because a) there is a lot of it floating around and b) human nature. Humans, being naturally curious, sometimes vindictive and always worried when it comes to the health condition of friends and family, will bend the rules to get information. HIPAA risk and compliance assessments that we’ve been involved with at hospitals in Israel, the US and Australia consistently show that the number one attack vector on PHI is friends and family, not hackers.
Courtesy of my friend Alan Norquist from Veriphyr
Information and Privacy Commissioner Ann Cavoukian ordered a hospital in Ottawa to tighten rules on electronic personal health information (ePHI) due to the hospital’s failure to comply with the Personal Health Information Protection Act (PHIPA).

“The actions taken to prevent the unauthorized use and disclosure by employees in this hospital have not been effective.” – Information and Privacy Commissioner Ann Cavoukian

The problem began when one of the hospital’s diagnostic imaging technologists accessed the medical records of her ex-husband’s girlfriend. At the time of the snooping, the girlfriend was at the hospital being treated for a miscarriage.
Commissioner Cavoukian faulted the hospital for:

  • Failing to inform the victim of any disciplinary action against the perpetrator.
  • Not reporting the breach to the appropriate professional regulatory college.
  • Not following up with an investigation to determine if policy changes were required.

“The aggrieved individual has the right to a complete accounting of what has occurred. In many cases, the aggrieved parties will not find closure … unless all the details of the investigation have been disclosed.” – Information and Privacy Commissioner Ann Cavoukian

It was not the hospital but the victim who instigated an investigation. The hospital determined that the diagnostic imaging technologist had accessed the victim’s medical files six times over 10 months.

The information inappropriately accessed included “doctors’ and nurses’ notes and reports, diagnostic imaging, laboratory results, the health number of the complainant, contact details … and scheduled medical appointments.” – Information and Privacy Commissioner Report

Sources: 
(a) Privacy czar orders Ottawa Hospital to tighten rules on personal information – Ottawa Citizen, January, 2011
 
