N.W.T.’s medical record system under the microscope after 2 reported cases of snooping

Recent reports of privacy breaches involving medical records have shed light on vulnerabilities in the Northwest Territories Health and Social Services Authority’s electronic medical record system. These breaches, which involved intentional and unauthorized access to private health information, have raised concerns about the protection of patient data in the territory.

One case that came to light this year involved two health-care workers who accessed the medical records of a woman with whom one of them had been in a relationship. The employees, who were siblings, repeatedly snooped in the patient’s records without her knowledge or consent. It wasn’t until the patient requested a “record of activity” report that she discovered the breach, leaving her feeling violated and distressed.

Another case reported by the privacy commissioner revealed an administrative clerk who accessed and shared private health information from an electronic medical record without authorization. The clerk admitted to wrongdoing and was eventually fired, but the breach highlighted the potential for misuse of sensitive patient data within the NTHSSA.

The NTHSSA uses a role-based access system to control employee access to electronic medical records, limiting it to what is necessary for their specific roles. However, the commissioner noted instances where access was not restricted appropriately, allowing for unauthorized viewing of patient information.

In response to these breaches, the NTHSSA CEO has emphasized the importance of investigating and notifying affected individuals promptly. The agency is also reviewing its practices and enhancing mandatory privacy training to prevent future incidents.

Despite efforts to safeguard patient data, auditing electronic medical records for unauthorized access remains a challenge. Routine audits may not always detect breaches, as legitimate access by employees with appropriate permissions can be indistinguishable from unauthorized access.

Experts have raised concerns about the ethical implications of the EMR system’s structure, suggesting that additional safeguards should be implemented to prevent unauthorized access. While the NTHSSA asserts that its current system complies with privacy legislation, plans are underway to replace it with a more secure platform in the near future.

Residents who are concerned about the privacy of their health information can file access to health information requests online to ensure the confidentiality of their medical records. By addressing vulnerabilities in the electronic medical record system and enhancing privacy measures, the NTHSSA aims to protect patient data and uphold the trust of those who rely on their services.