On June 22, the Nova Scotia Supreme Court in Halifax ruled on a class action lawsuit, saying that Roseway Hospital had up to 40 days to pay out $1 million in total. In addition to the individual payouts to those who privacy was breach, the remainder of the money will pay the legal fees.
In 2012, the South West Nova District Health Authority sent letters to 707 people explaining that their privacy had been breached when it was discovered an admissions clerk, Cheryl Decker, had inappropriately accessed several hundred patient files. She was reportedly only authorized to look at a dozen of those files.
The authority began an investigation when they discovered Decker was sifting through medical records over several months without a valid reason.
The decision on this case set a precedent in Canadian courtrooms on breach of privacy, according to attorney Raymond Wagner, a lawyer who represented the 681 eligible class members in what was said to be the biggest privacy breach case in Canada to go before the court.
“It is the first intrusion upon seclusion case in Canada to have a resolution with monetary repercussions,” he said at the time of the ruling.
Willa Magee is one of the victims involved in the breach.
“The cheque provided a wee bit of closure, but not much,” says Magee. “I have no indication that the health authority has improved or changed anything with regard to protecting one’s privacy.”
Nova Scotia Health Authority spokesperson Fraser Mooney says that several steps have been taken to ensure patient privacy.
He says while it is important to note there is reasonable access by staff and physicians in order to perform their work role, if an employee uses access beyond their work role it is inappropriate and may breach confidentiality.
“The NSHA takes several steps to ensure that all employees understand appropriate access and their obligation to keep patient information confidential, as well as to monitor access and identify inappropriate activity,” says Mooney.
These steps include:
• Pledges of confidentiality signed by all new staff, and standard orientation regarding privacy across the province.
• Ongoing in-person education for managers and front-line staff.
• A new online privacy and confidentiality learning module that was introduced this summer, with the expectation that all staff will complete and submit pledge of confidentiality. This is something the existing staff is expected to participate in, not just new hires.
• To have pro-active auditing capability in place, which is being used across the province, with additional health information systems being added. The audit is essentially a thorough review of a health record to see when and how often it has been accessed and for what reason.
The health authority will be keeping an eye on things to prevent repeats of this incident.
“We continually review our systems, processes, privacy policies and confidentiality training for employees to reduce the likelihood of this type of incident from happening again,” says Mooney.