REGINA — Saskatchewan’s privacy commissioner has found eight people inappropriately gained access to the electronic health records of 10 Humboldt Broncos team members involved in a bus crash last April.
Sixteen people were killed and 13 were injured in the crash between the junior hockey team’s bus and a semi trailer at a rural Saskatchewan intersection.
“Due to the high-profile nature of the crash, eHealth Saskatchewan understood the risk of snooping,” said a report from information and privacy commissioner Ronald Kruzeniski.
The report said the health agency began monitoring the profiles of the patients — which included lab results, medication information and chronic diseases — three days after the crash.
“Between April 9, 2018, and May 15, 2018, eHealth detected eight users of the viewer, mostly physicians, accessed without apparent authority the profiles of 10 patients.”
The report shows eHealth reported the breaches to the privacy commissioner July 5.
“This has been a major tragedy in our province and I’m disappointed that people got tempted,” Kruzeniski said in an interview with The Canadian Press on Monday. ”Now that it’s happened, it’s my job to work with others through education and legislative change (to) make the system work.”
His report, which has been posted online, detailed the privacy breaches.
In one case, an employee of a medical clinic examined the health information of three people involved in the collision.
The assistant admitted she consulted the records because “her family members had heard one of the individuals had died and she wanted to verify the information; she thought another individual was a patient … (and) she wanted to verify a detail that was reported by the media about one of the individuals.”
The report said the employee’s access to eHealth was suspended and she was given further training, but she has since resigned.
Another case involved a doctor at a Humboldt clinic who viewed the records of two people, including one who was a patient prior to the crash.
“Dr. D wanted to know what injuries the individual sustained, if the individual received care or if it was an instant fatality,” said the report. “For the other individual, it explained Dr. D was concerned.”
Other cases included three doctors who provided emergency care at the Nipawin Hospital and who reviewed patient records of those they treated.
“They believed they were in the individuals’ ‘circle of care,’” said the report.
The privacy commissioner said the province’s Health Information Protection Act does not address circles of care so the doctors were no longer authorized to access the records.
“You are entitled to access when you have a need to know, not an anticipated need, not, ‘Gee, I might like to know.”