Well being authority didn’t correctly report privateness breach, N.W.T. privateness commissioner says

The N.W.T. info and privateness commissioner mentioned the territory’s well being authority didn’t correctly report…

Well being authority didn’t correctly report privateness breach, N.W.T. privateness commissioner says

The N.W.T. info and privateness commissioner mentioned the territory’s well being authority didn’t correctly report a privateness breach involving private medical info that was mistakenly shared with the incorrect affected person.

The commissioner discovered that the division violated the Well being Info Act by quietly fixing the error earlier than reporting the incident months later, following a affected person grievance. 

On March 6, 2020, a affected person attended a psychiatric appointment to overview an evaluation. In reviewing the report, the affected person mentioned “it turned obviously apparent” that the data was not about them, in accordance with the commissioner’s November 2022 report on the incident. 

The evaluation report had the affected person’s identify and birthday, however mistakenly included another person’s job title, analysis and different private figuring out info. 

The physician, a locum, advised the affected person they might comply with up later that day about “the discrepancy” however by no means did. When the affected person known as the clinic three days later, the locum had left city and the clinic mentioned it could not present any extra info. 

Just a few days after that the affected person submitted a grievance to the well being minister and requested a overview by the territory’s info and privateness commissioner. 

One week after the incident, the Northwest Territories Well being and Social Companies Authority (NTHSSA) known as the affected person to verify that there had been an error of their document however that each sufferers’ digital medical information had been corrected. 

NTHSSA formally notified the commissioner concerning the breach two months later. 

Commissioner Andrew Fox reviewed the incident and mentioned that NTHSSA violated coverage and the Well being Info Act in its reporting of the incident. 

Andrew Fox, the N.W.T. Info and Privateness Commissioner, discovered that NTHSSA didn’t report the privateness breach ‘as quickly as fairly potential.’ (CBC Information)

Whereas the clinic employees corrected the error, 4 days after the incident, Fox mentioned the well being authority was late to report the error — doing so months later, solely after a number of requests from the commissioner’s workplace. 

The Well being Info Act requires that affected events be notified “as quickly as fairly potential.” 

The second affected person, whose evaluation was mistakenly shared with the individual attending the March 6 appointment, was solely notified concerning the privateness breach in Could, over two months after it occurred.   

The Act additionally requires formal written discover. That was by no means offered to the primary affected person who submitted the grievance. 

Fox’s report mentioned that NTHSSA’s ultimate privateness breach report was tardy and lacked element. 

The report was submitted 5 months later than promised and 7 months after the incident. Fox mentioned the well being authority additionally didn’t determine long-term measures to forestall a future breach and solely “recommends” improved coaching for locum medical doctors.

The commissioner additionally recommends that notes needs to be reviewed earlier than going into the digital medical document system.

NTHSSA to replace coaching

In line with the NTHSSA, the privateness breach was a results of the locum physician’s workload. The division mentioned the physician was speeding to switch their notes into the digital system. The well being authority mentioned that is what result in the “mismatched” info. 

“As is usually the case, a second’s inattention led to a breach of affected person privateness,” Fox wrote in his report.


In his most up-to-date annual report, Fox mentioned his workplace investigated 234 violations of the territory’s Well being Info Act between April 1, 2021 and March 31, 2022, representing a major enhance from the 87 information the workplace investigated within the earlier 12 months. 

Fox mentioned the rise was probably a results of extra thorough reporting and he anticipates that quantity to proceed to extend.

Transmitting private well being info via e-mail or fax machines continues to be a supply of privateness breaches, he mentioned.   

In his report, Fox advisable guaranteeing employees have required coaching, together with figuring out breaches and applicable reporting necessities. 

He additionally steered reviewing procedures on how you can set up medical doctors’ notes are correct earlier than going into the digital system. 

NTHSSA spokesperson David Maguire mentioned that the division plans to replace its coaching system. The upgrades are anticipated to raised monitor coaching, together with coaching on managing non-public info.

Maguire mentioned the brand new system shall be applied this fall. Within the meantime, he mentioned NTHSSA offers entry to privateness coaching for all employees.