EDITORIALS Crack down on snooping into health records
Yet another Island Health staff member has been fired for snooping on patient records. An administrative-support worker at Nanaimo Regional General Hospital improperly accessed the medical files of 102 people.
The health authority apologized, said it had informed the patients involved and promised to do better.
But this is the fifth time in seven years that Island Health staff have rifled through files they had no right to see. To insist, as management has, that employees are told this is completely unacceptable, and that every staff member signs a confidentiality agreement, is all well and good.
And evidently, on this occasion, the snooper failed to access the full content of the files he or she read.
But these continuing breaches of a system that is supposed to be secure are deeply concerning.
The health authority is developing an electronic record for every patient on the Island. The value of such a project is that it brings together in one file every interaction that patients have had with the health-care system.
That allows physicians, for example, to learn instantly if a person is allergic to certain medications or has not responded well to some forms of treatment. It is particularly valuable when a patient is brought to the emergency department unconscious and unable to give a past history.
However, all-encompassing records of this kind pose a greater threat to patient privacy. If they are broken into, much more is revealed. And considering the record of ongoing breaches, what reason is there to suppose this won’t happen?
B.C. privacy commissioner Michael McEvoy has suggested a solution.
It is illegal, under our privacy statutes, to disclose the content of personal files that have been accessed improperly. But such rummaging itself is not against the law.
This is inexplicable. Apparently, we’re saying it is legal to snoop, so long as you don’t tell anyone and keep the information to yourself. How does this possibly square with the intent to keep private records out of the wrong hands?
McEvoy points out that B.C. is almost alone among the provinces in leaving this gap unplugged and he makes the obvious proposal.
The province should amend the statutes involved to make it illegal to snoop on patient files (and other personal records), regardless of whether the information is passed on. He suggests, as previous commissioners have, a fine of as much as $50,000 for behaviour of this kind.
There is an additional benefit in criminalizing snooping. At present, we frequently read of employees being dismissed for privacy breaches, but almost invariably their identities are withheld. That was the case with all the Island Health staffers fired over the years.
The reason is that to name them has been considered an invasion of their privacy. But what right have they to this protection, when they have acted in a manner serious enough to warrant dismissal?
If the commissioner’s proposal is accepted, this cloak of anonymity would disappear. To initiate criminal proceedings necessitates a trial and in the process, the identity of the person charged would become known.
This has value, because at present those Island Health staffers and others who have been fired can go on to work elsewhere, without their new employer learning of their past behaviour. That might be in their interest, but it is not in the public interest.
Both as citizens and patients, we have a right to know that everything possible is being done to protect our privacy. As things stand, that cannot be said.
Health Minister Adrian Dix has indicated he is open to hearing the commissioner’s request that there be more serious consequences. He should do more than consider the request, he should act on it.