It’s an interesting idea — and perhaps one whose time has come. Earlier this week, Eastern Health once again had to come forward and tell the province that it had caught employees improperly accessing patient records. This time, it was two clerks working in a rural clinic who had accessed the medical records of 46 people. One quit, the other was fired.
The revelations came on the heels of five other firings at Eastern Health and a similar case at Western Health, along with lawsuits against both health-care corporations.
In the age of computers, electronic records and the ability of curious staff to access records at the press of a button, it’s beginning to look like the health corporations are facing a serious problem.
But it’s not only in this province. In British Columbia, four health employees were fired and three were suspended in early September for the improper use of medical records. There, the RCMP is investigating.
Last week, Manitoba’s acting ombudsman, Mel Holley, issued a report on a privacy breach in that province’s health records system, where an employee accessed the cancer care records of a neighbour’s daughter. Holley has advised the Manitoba government to take its penalties far beyond a simple firing — he’s asked that government to bring in rules such as those found in Alberta, where the inappropriate accessing of medical records carries a whopping personal risk. Alberta health-care workers don’t just jeopardize their jobs if they snoop, they can actually be hit with serious fines. In 2007, a worker was fined $10,000 for accessing records improperly.
Manitoba has fines of up to $50,000 for inappropriately using medical information, but the fines don’t apply to those who have simply gained access to such information. Holley wants penalties to apply to snoopers in that province as well.
The Manitoba government says it plans to follow Holley’s recommendations.
In this province, the clearest example of privacy penalties is found in the province’s privacy legislation, which allows for fines of up to $5,000 for anyone who “wilfully discloses personal information.” As in Manitoba, the legislation does not seem to apply to individuals who simply snoop through others’ records, unless they actually disclose the details. This province also has health information legislation, which carries a $10,000 fine — but that fine has never been used.
Hefty fines clearly won’t solve every single problem where nosy people snoop in records that are at their electronic fingertips. But if there are clear and heavy penalties, including fines and dismissal, and if employees know that their use of medical records systems are being monitored and regularly audited, it may go a long way toward preventing more abuse, and preventing more stories like the ones we’ve heard all too many of recently.