Campbellford Memorial Hospital employee makes ‘unauthorized’ access to 3,500 patient records | Globalnews.ca
Campbellford Memorial Hospital employee makes ‘unauthorized’ access to 3,500 patient records
By Greg Davis Global News
Posted April 21, 2023 3:46 pm
Updated April 21, 2023 5:58 pm
3,500 patients affected in Campbellford Memorial Hospital privacy breach
close video
Campbellford Memorial Hospital is investigating a privacy breach affecting thousands of patients.
LEAVE A COMMENT
SHARE THIS ITEM ON FACEBOOK
SHARE THIS ITEM ON TWITTER
SEND THIS PAGE TO SOMEONE VIA EMAILSEE MORE SHARING OPTIONS
DESCREASE ARTICLE FONT SIZE
INCREASE ARTICLE FONT SIZE
Campbellford Memorial Hospital says an employee has apologized for making “unauthorized” access to more than 3,500 patients records.
Global News Peterborough has obtained a copy of one of the 3,500 letters sent to patients last week outlining a privacy breach at the hospital in the Municipality of Trent Hills.
In the letter, hospital chief privacy officer Erin Keogh says a clinician “mistakenly” thought they could access health records of patients not under their care for the purposes of their own clinical education.
READ MORE: 2 staff fired for patient privacy breaches at Campbellford Memorial Hospital
Citing privacy and family concerns, Global News will not identity a mother who received a letter stating her son’s health records had been accessed. Before opening the letter, she thought the hospital was soliciting donations for its proposed Campus of Care.
STORY CONTINUES BELOW ADVERTISEMENT
“When I first read the letter, I guess I was just disappointed,” she said. “In 2023 it’s pretty sad that privacy isn’t respected.”
Hospital president and CEO Jeff Hohenkerk says the unauthorized access was discovered during a routine review. An investigation determined the incident occurred “several months ago” and only involved a single clinician not known to any of the patients impacted.
“I want to stress unauthorized is internal — there was no targeted or malicious intent or hacking — it was an internal view of records,” Hohenkerk told Global News Peterborough on Friday.
Letters such as this one have been sent to patients informing them of a privacy breach at Campbellford Memorial Hospital.View image in full screen
Letters such as this one have been sent to patients informing them of a privacy breach at Campbellford Memorial Hospital. Submitted to Global News Peterborough
Hohenkerk says the investigation also determined the clinician did not specifically target the records of patients or shared the information with anyone else.
“We ensured there was no breach from outside and at the same time made sure that no information was accessed by anyone outside the organization,” he said.
STORY CONTINUES BELOW ADVERTISEMENT
“It’s not a security breach — it’s a privacy breach. There was no downloading or sharing with anyone else. It wasn’t targeted or (a) malcontent. It was for their own clinical education purposes and they didn’t realize it was a form of access that was strictly prohibited.”
But the mother says she doesn’t “buy” the hospital’s explanation when Global News informed that her son is among 3,500 patients impacted.
“It wasn’t following up on a case and they lifted the wrong patient file that has the same first and last name or a different birthday,” she said. “It’s a case of someone who willingly disregarded people’s privacy — and the hospital’s policy — and still did it anyway.”
“I think that’s probably a safe way that someone is covering their ass,” she added. “I don’t buy it.”
The hospital also notified the Information and Privacy Commissioner of Ontario (IPC) of the incident. In an email to Global News, the IPC says it was notified of the incident on April 14, but can’t provide any further details given the file is currently open on the matter.
READ MORE: Around 360K people in Ontario affected by COVAXon privacy breach
“Snooping is a serious issue that can erode patients’ trust and confidence in the health care system,” the office stated. “Health-care professionals need to know that any kind of snooping behaviour, whether motivated by curiosity, personal gain, or even concern, is completely unacceptable and can have devastating consequences for the individuals who are affected and themselves.”
STORY CONTINUES BELOW ADVERTISEMENT
A year ago, two employees were fired after “inappropriately” accessing information pertaining to approximately 500 patients at CMH. The hospital never provided details on their roles or what patient data was accessed.
However, Hohenkerk says the current case is being “dealt with differently” compared to the 2022 incident. Hohenkerk began his role at the hospital in March 2023.
The clinician has apologized and is undergoing further training and will be subject to “enhanced” monitoring, Keogh’s letter states.
“We’ve been directed (by the IPC) to notify patients by letter which we have done,” said Hohenkerk. “We’ve been directed to ensure the clinician undergoes additional training, which we have. And we also have to go through a process to ensure it wasn’t targeted — (that) it was internal and there was no malcontent.
“We followed the process and confirmed our findings.”
The mother impacted says there’s no difference in how or why the health records were accessed.
“Privacy is privacy — it doesn’t matter,” she said.
And she says the hospital has lost her future support.
“If you think I’m going to hand over my credit card to make a donation to the hospital now and do the same thing with it? Not a chance.”
By Greg Davis Global News
Posted April 21, 2023 3:46 pm
Updated April 21, 2023 5:58 pm
3,500 patients affected in Campbellford Memorial Hospital privacy breach
close video
Campbellford Memorial Hospital is investigating a privacy breach affecting thousands of patients.
LEAVE A COMMENT
SHARE THIS ITEM ON FACEBOOK
SHARE THIS ITEM ON TWITTER
SEND THIS PAGE TO SOMEONE VIA EMAILSEE MORE SHARING OPTIONS
DESCREASE ARTICLE FONT SIZE
INCREASE ARTICLE FONT SIZE
Campbellford Memorial Hospital says an employee has apologized for making “unauthorized” access to more than 3,500 patients records.
Global News Peterborough has obtained a copy of one of the 3,500 letters sent to patients last week outlining a privacy breach at the hospital in the Municipality of Trent Hills.
In the letter, hospital chief privacy officer Erin Keogh says a clinician “mistakenly” thought they could access health records of patients not under their care for the purposes of their own clinical education.
READ MORE: 2 staff fired for patient privacy breaches at Campbellford Memorial Hospital
Citing privacy and family concerns, Global News will not identity a mother who received a letter stating her son’s health records had been accessed. Before opening the letter, she thought the hospital was soliciting donations for its proposed Campus of Care.
STORY CONTINUES BELOW ADVERTISEMENT
“When I first read the letter, I guess I was just disappointed,” she said. “In 2023 it’s pretty sad that privacy isn’t respected.”
Hospital president and CEO Jeff Hohenkerk says the unauthorized access was discovered during a routine review. An investigation determined the incident occurred “several months ago” and only involved a single clinician not known to any of the patients impacted.
“I want to stress unauthorized is internal — there was no targeted or malicious intent or hacking — it was an internal view of records,” Hohenkerk told Global News Peterborough on Friday.
Letters such as this one have been sent to patients informing them of a privacy breach at Campbellford Memorial Hospital.View image in full screen
Letters such as this one have been sent to patients informing them of a privacy breach at Campbellford Memorial Hospital. Submitted to Global News Peterborough
Hohenkerk says the investigation also determined the clinician did not specifically target the records of patients or shared the information with anyone else.
“We ensured there was no breach from outside and at the same time made sure that no information was accessed by anyone outside the organization,” he said.
STORY CONTINUES BELOW ADVERTISEMENT
“It’s not a security breach — it’s a privacy breach. There was no downloading or sharing with anyone else. It wasn’t targeted or (a) malcontent. It was for their own clinical education purposes and they didn’t realize it was a form of access that was strictly prohibited.”
But the mother says she doesn’t “buy” the hospital’s explanation when Global News informed that her son is among 3,500 patients impacted.
“It wasn’t following up on a case and they lifted the wrong patient file that has the same first and last name or a different birthday,” she said. “It’s a case of someone who willingly disregarded people’s privacy — and the hospital’s policy — and still did it anyway.”
“I think that’s probably a safe way that someone is covering their ass,” she added. “I don’t buy it.”
The hospital also notified the Information and Privacy Commissioner of Ontario (IPC) of the incident. In an email to Global News, the IPC says it was notified of the incident on April 14, but can’t provide any further details given the file is currently open on the matter.
READ MORE: Around 360K people in Ontario affected by COVAXon privacy breach
“Snooping is a serious issue that can erode patients’ trust and confidence in the health care system,” the office stated. “Health-care professionals need to know that any kind of snooping behaviour, whether motivated by curiosity, personal gain, or even concern, is completely unacceptable and can have devastating consequences for the individuals who are affected and themselves.”
STORY CONTINUES BELOW ADVERTISEMENT
A year ago, two employees were fired after “inappropriately” accessing information pertaining to approximately 500 patients at CMH. The hospital never provided details on their roles or what patient data was accessed.
However, Hohenkerk says the current case is being “dealt with differently” compared to the 2022 incident. Hohenkerk began his role at the hospital in March 2023.
The clinician has apologized and is undergoing further training and will be subject to “enhanced” monitoring, Keogh’s letter states.
“We’ve been directed (by the IPC) to notify patients by letter which we have done,” said Hohenkerk. “We’ve been directed to ensure the clinician undergoes additional training, which we have. And we also have to go through a process to ensure it wasn’t targeted — (that) it was internal and there was no malcontent.
“We followed the process and confirmed our findings.”
The mother impacted says there’s no difference in how or why the health records were accessed.
“Privacy is privacy — it doesn’t matter,” she said.
And she says the hospital has lost her future support.
“If you think I’m going to hand over my credit card to make a donation to the hospital now and do the same thing with it? Not a chance.”
