Privacy breach at eHealth
Corporation lacked ‘legislative authority’ to share residents’ health card numbers
Health card numbers erroneously given to Elections Saskatchewan
A report from Saskatchewan’s privacy commissioner says the Crown corporation that handles the province’s health information system shared information it should not have about every adult and many teenagers in the province.
But eHealth Saskatchewan says that clinical information was not among the data it passed along without legal authorization to Elections Saskatchewan.
In a 14-month period, eHealth sent the names, addresses, dates of birth, residency status and health card numbers of all Saskatchewan residents older than 16 and inadvertently sent similar data belonging to tens of thousands of people younger than that to Elections Saskatchewan, to help the latter keep election rolls up to date.
Saskatchewan’s privacy commissioner, Ron Kruzeniski, issued a report late last month, finding that eHealth did not have legislative authority — permission in law — to release the information.
“I regret having to reach this conclusion because having an upto-date register of voters is important for our democracy,” he wrote. “eHealth is the trustee of valuable, current personal health information that can assist in maintaining an up-to-date register of voters. However, the legislation, as is, does not support the disclosure of this information.”
The report calls on eHealth and the ministries of Health and Justice to work together on an amendment to the Health Information Protection Act to allow for information sharing. But Kruzeniski recommends a discussion of whether health card numbers need to be shared.
Shaylene Salazar, vice-president of strategy and risk management, said when a third party approaches eHealth, it typically reviews the legislation governing it. In this case Elections Saskatchewan would be responsible for reviewing its own legislation.
“We felt we had the legislative authority to proceed with a sharing agreement. That’s why we entered into it,” she said.
Elections Saskatchewan and eHealth reached an agreement in August 2015 to share information about residents 16 and older.
In an email, Elections Saskatchewan senior director Tim Kydd said the agency “received information from eHealth that was beyond what was requested and what was agreed to.”
He said they notified eHealth about the error — the unintended sharing of information of people under 16 — and the information was destroyed.
“The information was briefly accessed by two Elections SK staff, which is how the error was discovered. The unintended information was never used or shared and was always on a secure server based at Elections SK’s head office,” he wrote.
On Jan. 18, eHealth reported a privacy breach to the Information and Privacy Commissioner’s office. Specifically, it informed the privacy commissioner that it had been sharing the “personal health information” of residents over the age of 16 and of 50,624 to 83,403 individuals under the age of 16 with Elections Saskatchewan between November 2015 and January 2017, according to Kruzeniski’s report.
Salazar said in an interview with the StarPhoenix on Thursday that health card numbers were shared because it is a common identifier within the system. Since each health card number is unique, it clearly differentiates between individuals with similar names or the same name.
Kruzeniski recommended that eHealth inform the public via the media and by posting a notice about the breach on its website, which eHealth has complied with.
In an interview Thursday, Kruzeniski said his office needs to support a strong democratic system, and an updated voter registry is essential. Other agencies have legislative authority to ask for health services cards as a means of identification.
He said members of the public “don’t have to view it like we view other breaches, where someone comes from the outside and then steals a whole bunch of information. It isn’t that kind of breach.”
Kruzeniski is also recommending that eHealth work with Elections Saskatchewan on the best way to share the identities of residents who will be eligible to vote in the next election.