Manitoba health worker dismissed for unauthorized access to patient records

A clinical staff member at Manitoba’s Health Sciences Centre (HSC) has been terminated after an internal investigation revealed unauthorized access to the personal health information of approximately 360 patients. The breaches occurred over several months, from August 2023 to March 2024, Shared Health reported on Friday.

Christina Von Schindler, Shared Health’s chief privacy officer, emphasized the organization’s commitment to safeguarding patient information. She regretted the incident, noting that Shared Health’s existing protocols were instrumental in detecting unauthorized access. “Shared Health takes the safety and security of patients’ personal information very seriously, with several protocols in place to detect inappropriate access to private patient information. Regrettably, patient privacy was breached,” she stated.

Following the breach, Shared Health notified Manitoba’s ombudsman and contacted the affected patients. These individuals have been advised to contact Shared Health’s privacy office for further discussion and to obtain a record of user activity on their electronic health records.

The breach adds to a history of data security incidents at Shared Health. In 2016, an HSC employee improperly accessed a file containing 1,000 patient records, and another worker was caught snooping on 200 patient health files shortly after that.

Shared Health mandates all employees to undergo regular training on the appropriate use of personal health information and to sign a pledge adhering to the Personal Health Information Act (PHIA). These training sessions are refreshed every three years, complemented by routine audits to monitor employee access to electronic health records.