Eastern Health has issued a news release, saying it has experienced an "accidental" breach of privacy of 63 of its clients.
The health authority said the accidental breach occurred when the briefcase of an employee was stolen from a vehicle while left unattended for about 10 minutes on the evening of April 17.
The briefcase, which hasn't been recovered, is said to have contained one client chart and a notebook with limited personal health information of 62 other clients. "I regret that this incident had occurred, and I apologize to all of the patients whose privacy has been accidentally breached," said Vickie Kaminski, president and CEO of Eastern Health.
“We continue to hold zero tolerance for any wilful privacy breach that occur in our organization, and will make every effort to learn from this accidental privacy breach in efforts to further strengthen our privacy and confidentiality practices," Kaminski said.
Eastern Health said it has identified all the patients affected by the privacy breach and, as of today, it has contacted the majority of those impacted. The Office of the Information and Privacy Commissioner has also been notified of the incident.
The health authority said there are incidences when it is appropriate for employees of Eastern Health to have personal health information outside of its facilities, such as during the provision of care and service delivery.
The news release said Eastern Health has policies in place to "help guide the security of personal health information while it is in use on its property, and when employees are off site or in transit."
This incident is the second accidental breach of personal health information that Eastern Health has experienced last week.
On April 16, a briefcase was stolen from another employee's vehicle. That briefcase, which contained information on two patients, has since been recovered. Eastern Health said the patient information remained intact and the two patients were advised of the incident.
Eastern Health said it has communicated to its managers to remind staff of their duty and the importance of securing patient information at all given times.
The health authority said it holds its responsibility to the public and as a custodian of personal health information in the highest regard.