A privateness breach affecting individuals who stayed at a COVID-19 isolation centre is the newest in a protracted line of circumstances of well being data being mishandled within the Northwest Territories.
Late final week, the N.W.T. Division of Well being and Social Providers issued discover of the “low-risk” breach involving about 2,000 COVID-19 isolation types, which embody names, cellphone numbers, addresses and emails of people that stayed at an isolation centre in Yellowknife between August 2020 and April 2021.
It stated a field containing the paperwork left behind by the disbanded COVID-19 Secretariat was found at a authorities warehouse in late June.
Whereas the data by no means left the territorial authorities’s custody, there have been a number of current circumstances the place personal well being data was publicly disclosed.
“Inadvertent errors or lack of paying consideration is usually a disturbingly massive reason for these items,” stated N.W.T. data and privateness commissioner Andrew Fox.
“There are others although. Every so often, one thing will occur like this the place some system or administrative process hasn’t been adopted and paperwork are left probably unsecured.”
In his newest annual report, Fox says between April 1, 2021, and March 31, 2022, his workplace investigated 234 new violations of the territory’s Well being Info Act, almost triple the 87 recordsdata within the earlier yr. He stated the rise was doubtless because of extra thorough reporting and modifications in operations, staffing and coaching through the pandemic.
Of the brand new recordsdata, 55 concerned the COVID-19 Secretariat, a few of that are nonetheless underneath investigation.
One troubling reason for privateness breaches, Fox stated, has been the territory’s continued use of faxes, a difficulty over which the commissioner’s workplace has lengthy chastised the federal government.
There has additionally been an rising variety of circumstances the place personal well being data was improperly disclosed through e-mail, Fox stated. Others concerned the misidentification of sufferers and data, and a scarcity of cheap safety measures for paper data.
Fox stated the territory must dedicate extra workers and supply extra coaching to make sure personal data is protected. He famous the COVID-19 Secretariat was “lacking some key people within the privateness side.”
“Coaching is pricey. It’s time consuming. There’s no query. Nonetheless … privateness coaching is necessary,” he stated.
Whereas the Division of Well being and Social Providers established a compulsory privateness coaching coverage for all its workers in 2017, Fox stated he was informed in 2021 they had been “barely hitting” 50 per cent of workers.
Chief well being privateness officer Livia Kurinska-Hrdlickova stated the division is frequently working to enhance privateness practices, together with coaching.
“The Division of Well being is dedicated to make sure the protective of private data of residents always,” she stated.
Kurinska-Hrdlickova acknowledged there have been challenges through the pandemic as some workers had been redeployed to areas they didn’t usually work in and plenty of had been underneath stress with excessive workloads.
Whereas well being custodians and territorial governments have pledged to lower the usage of faxes, Kurinska-Hrdlickova stated they’re typically nonetheless required when different kinds of communication are absent or there are restrictions when speaking between jurisdictions. She added safeguards carried out for emails embody the usage of safe file transfers.
Well being and Social Providers Minister Julie Inexperienced’s workplace declined an interview, saying the matter was “extra operational in nature.”
There have been a number of noteworthy well being privateness breaches within the N.W.T. over the previous decade.
In November 2014, a physician with the Stanton Territorial Hospital misplaced an unencrypted USB stick containing the personal data of greater than 4,000 individuals, together with medical recommendation for 52 sufferers. It was discovered and returned the next month.
In June 2018, the territorial authorities introduced an unencrypted laptop computer containing the well being data of greater than 33,000 N.W.T. residents – the vast majority of the territory’s inhabitants – was stolen from a locked automobile in Ottawa that Might. CBC later reported inside paperwork indicated greater than 39,000 N.W.T. residents, plus tons of of non-residents, had been affected.
A proposed class-action lawsuit was filed towards the territorial authorities over that breach in 2019.
Then in December 2018, a resident informed CBC he had discovered hundreds of personal well being data left in a public space on the dump in Fort Simpson, N.W.T. In reviewing the breach, nevertheless, then-privacy commissioner Elaine Keenan-Bengts stated she couldn’t decide how the 124 file folders turned over to her got here into the resident’s possession.
Whereas Keenan-Bengts warned well being officers the territory was “ripe for the same breach to happen,” lower than a yr later, in July 2019, one other resident discovered greater than 60 CDs with personal well being data on the dump in Yellowknife. The commissioner stated the breach was associated to Stanton Territorial Hospital’s transfer to a brand new constructing the place contractors weren’t given privateness coaching.