More than 3,000 patients, over a two-year period, had their electronic health records improperly accessed at Red Deer Regional Hospital Centre, says Alberta Health Services.
AHS said access did not impact patient care, or the accuracy of patient records.
Affected patients were sent notifications by mail on April 12 in accordance with the Health Information Act. Only those individuals who receive letters were subject to the privacy breach.
An internal investigation by AHS revealed 3,224 patients had their electronic health records accessed improperly by two clerical employees in the diagnostic imaging department.
The investigation showed that one employee had improperly accessed the patient information of 3,147 individuals between Oct. 2018 and Oct. 2020, and a co-worker improperly accessed the patient information of 77 individuals.
Both individuals involved are no longer employed by AHS.
The breach has been reported to Alberta Health and the Office of the Information and Privacy Commissioner of Alberta.
“AHS takes the privacy and confidentiality of patient information seriously, and non-work related access to patient records is a clear breach of confidentiality and a direct violation of privacy and information security policies,” said Janice Stewart, chief zone officer with AHS’s Central zone.
“We understand that patients trust AHS to appropriately access and safeguard their health and personal information. AHS remains fully committed to ensuring safeguards are in place to build this trust by preventing inappropriate access, use or disclosure of patient information.”