Skip to content

Privacy breach at Red Deer hospital: Some patient data accessed

Alberta Health Services is notifying patients whose electronic patient records were accessed inappropriately at Red Deer Regional Hospital Centre by APL clinical laboratory staff working at the hospital laboratory.
18814498_web1_190427-RDA-Red-deer-hospital

Alberta Health Services is notifying patients whose electronic patient records were accessed inappropriately at Red Deer Regional Hospital Centre by APL clinical laboratory staff working at the hospital laboratory.

An internal investigation by the privacy department at Alberta Public Laboratories (APL) has confirmed inappropriate access within 2,158 patient electronic health records at RDRHC.

SEE RELATED

Patient data stolen during theft at Red Deer hospital

There is no evidence that any information included in these electronic health records was used inappropriately, AHS confirmed in a release. These inappropriate access incidents did not impact patient care or the accuracy of patient records.

The investigation was initiated in followup to a routine audit of APL’s electronic laboratory information system in April 2019 that identified unusual login activity had occurred within the patient electronic health records. The ensuing investigation examined a six-month period (December 1, 2018, to May 13, 2019).

The majority of the 2,158 patient health records were of RDRHC emergency patients and consisted of a range of personal demographic information, test orders and clinical records.

APL has reported the breach to Alberta Health and the Office of the Information & Privacy Commissioner of Alberta (OIPC).

“APL regularly audits its electronic laboratory information system to ensure all access and use is job-related and consistent with our legal obligations,” said APL CEO Craig Ivany. “APL takes the privacy and confidentiality of patient information seriously and non-work related access to patient records is a serious breach of confidentiality and a direct violation of APL privacy and information security policies,” he said.

Thirty staff members had varying degrees of involvement in the breach. Three are no longer employed by APL.

Notifications to affected RDRHC patients were mailed by APL Thursday in accordance with the Health Information Act. Only those individuals who receive letters were subject to this privacy breach.

Individuals receiving notification letters will be able to contact a dedicated call-line available through Health Link to ask any questions they may have. Additionally, contact information for the OIPC will be provided should anyone wish to report a concern related to this incident.

Alberta Public Laboratories is a wholly-owned subsidiary of Alberta Health Services with its own governance board.



Send your news tips

Like us on Facebook and follow us on Twitter