Privacy breach stokes fears
EDMONTON — Albertans worried about the theft of a laptop containing the health information of 620,000 patients are phoning with questions about whether their privacy has been compromised.
A call centre set up by Medicentres Canada Inc., which operates 25 family health clinics in Edmonton and Calgary, had received more than 275 calls by Thursday morning, with many more expected.
Dr. Arif Bhimji, a spokesman for the private company, said people are being told to come in to a clinic to check if their private data was on the laptop.
They are also being urged to check their financial records for unusual activity.
“We are telling them to monitor their credit card statements, bank statements, and similar types of documents and to consider getting a credit report from Transunion or Equifax, which are the main credit reporting agencies in Canada,” he said.
The information on the stolen laptop includes unencrypted names, birthdates, health card numbers, billing codes, billing amounts and diagnostic codes for patients who were seen at Medicare clinics from May 2, 2011, to Sept. 19, 2013.
Bhimji said there has been no indication of any fraudulent activity involving the health information.
He said people phoning the call centre are also asking what happened, and why it took so long for the theft to be made public.
Health Minister Fred Horne said the laptop was stolen Sept. 26 and reported by Medicentres on Oct. 1 to Alberta privacy commissioner Jill Clayton and Edmonton police.
Horne said he was not told until Tuesday, when he received a letter from the company.
Clayton said she will launch an investigation, but noted there is nothing in provincial law that requires a health provider such as Medicentre Canada to report such a theft or notify any people affected by a privacy breach.
She also said she has no authority under Alberta law to report such a theft to the provincial government.
Clayton said Alberta’s law needs to be changed.
“This case is an important reminder of the need for these types of provisions in the Health Information Act,” she said Thursday in a release. “I will be formally asking the government to consider such an amendment.”
Horne said the patient health information should not have been stored on a laptop and should not have been stored in unencrypted form.
He also said the government expects that people who are in custody of such information take necessary steps to protect it.
Horne said he thinks the government would be open to improving the law.
“The concern is about how so much time went by before patients were notified,” Horne said in Red Deer.
“We will look at that and if there are things we can do to strengthen the Health Information Act I am completely there, and I am pretty sure my colleagues will support me.”
Clayton said her investigation will also look into other privacy breaches involving health information, but did not provide any details.
Bhimji said the laptop was in the custody of an IT consultant when it was stolen. He said the consultant no longer does work with Medicentres Canada.