Manitoba Health security breach prompts call for chief privacy officer
WINNIPEG — A report from Manitoba’s ombudsman says a retired Winnipeg police officer who snooped in his estranged daughter’s personal health records also sent unauthorized personal health information to city police and the RCMP.
December 18, 2017 By The Canadian Press
Last Tuesday’s report from the office of Charlene Paquin closes an investigation launched in 2014 after the former officer looked at the records while working as an auditor for Manitoba Health.
The ombudsman’s office says over a five-year period the man opened hundreds of personal health files.
In some cases he printed the information and in others he shared the health data without approval with outside organizations, including police.
Paquin’s office has put forward 11 recommendations aimed at creating better procedures for maintaining and auditing records of user activity.
Winnipeg police and the RCMP have not responded to requests for comment on the report.
The ombudsman’s report said that, despite resigning June 30, 2014, the man was also able to get into the building the next day and log onto his computer, and that he “appeared to have deleted files from his account.”
This was a “significant privacy breach,” Paquin’s report makes clear, and Manitoba Health takes “ultimate responsibility.”
“It’s imperative that organizations have effective policies and procedures in place to prevent, detect and properly manage breaches, should they occur,” Paquin said in an emailed statement.
Although the first-of-its-kind court case into the matter wound up in September with the man’s lawyer defending the act as being “done out of parental concern, plain and simple,” Paquin makes clear it wasn’t just his daughter the man spied on.
The retired officer was fined $7,500.
Manitoba Health has already accepted six of the ombudsman’s recommendations outright, while three more are under consideration. Two additional recommendations have been accepted in part.
The ombudsman is recommending the province establish a chief privacy officer, a senior official who would be tasked with co-ordinating the department’s “privacy responsibilities.” Manitoba Health hasn’t said whether it will accept that recommendation.
The department calls it “very timely,” in its official response, given the ongoing consolidation and reorganization efforts for health-care delivery across the province.
There is no one in the role yet, a spokeswoman confirmed via email; however, “options for creating such a position will be considered.”
The department has already taken several steps in recent years to improve privacy procedures, including the creation of a more robust auditing process and more expansive guidelines for how to respond to such breaches going forward.
“People expect Health Department staff to follow the rules around the privacy of the information they have access to, and so do I,” Health Minister Kelvin Goertzen said in a release.
News from © Canadian Press Enterprises Inc., 2017