A record 34 charges have been laid in a landmark case against an individual under the Health Information Act, along with six additional charges under the Criminal Code. If found guilty, the suspect, a worker at a Calgary health care organization, faces $1.7 million in fines.
The organization reported the breach to the Office of the Information and Privacy Commissioner. An offence investigation was launched six months ago into suspicious accesses to health information. Thirty-one charges under the Health Information Act were then laid for improperly accessing other individuals’ health information, one charge was laid for inappropriate use of health information, one charge was laid for inappropriate disclosure of health information and one charge was laid for knowingly falsifying a record. Crown prosecutors at Alberta Justice have laid six additional charges under the Criminal Code.
This is the most number of charges laid at one time for a breach of the Health Information Act, and marks the first time the Crown has brought criminal charges in addition to administrative penalties.
In both prior instances of laying charges, administrative convictions were obtained. A clerk at a medical office was fined $10,000 in 2007, and in December 2011, an Edmonton pharmacist was fined $15,000 for using the provincial electronic health records system and posting information he had access to onto Facebook.
Over the past few years we have seen a substantial increase in the number of cases involving inappropriate access to personal health information, highlighting the need for better staff training focused on the risks associated with snooping; sophisticated access level rights; and robust database activity monitoring.