Nunavut’s information and privacy commissioner again called on the Health Department to improve the way it protects people’s privacy. In a report released July 2, Graham Steele recommended the department address a privacy breach in which an employee went through two patients’ medical records without authorization or disclosure between April 2023 and April this year. The employee — who is not identified in the report — resigned the day after being informed by a manager of the allegations that they had viewed the charts without clinical reason, and has since left Nunavut.
The report said that according to a summary from Meditech, whose software system is where electronic medical records are stored in Nunavut, the employee accessed one patient’s medical chart on five different days and the other patient’s chart on 14 different days. The employee was not involved in either patients’ care at any time. “This is far from the first time this kind of case has presented itself,” Steele said in an interview.
“What I worry about is because it’s so hard to detect when somebody does it, there may be so many cases out there that we’re not even aware about.” As in previous reports involving breaches of privacy, Steele again recommended the Health Department develop a comprehensive “anti-intrusion” plan for the Meditech system. He also recommended the department develop a written policy procedure for filing professional disciplinary complaints in cases of intru.
