The Nova Scotia health authority says two separate investigations have resulted in the identification of 337 breaches of patient confidentiality.
The authority said Monday it's in the process of contacting all 337 people. It said everyone will be contacted directly, and officials will be available to discuss the details of the breaches.
Colin Stevenson, the authority's vice-president of quality and system performance, said that while there were two separate investigations, they actually turned up a number of breaches involving six employees in the central zone.
The region includes West Hants and Halifax County, but Stevenson said the breaches could involve patients from anywhere in the province.
Stevenson said the authority started one investigation in July 2016 after a patient complained to them about an alleged breach.
The investigation found 244 breaches by three staff members. The incidents range from unauthorized access of personal medical information to poor handling of files, such as sending them to the wrong location by fax or leaving them unattended or open where they could be seen by others.
The breaches weren't all connected; Stevenson said other instances were found while the initial complaint was being looked into, which is why the investigation took some time.
“It starts with understanding and completing an audit associated with what records could have been accessed, and went from there to understand whether it was a legitimate access for work-related purposes versus inappropriate access.”
He said because a large number of patient records were accessed, it took some time to complete that review.
The second investigation was started after a manager voiced concern about an apparent breach this past January, and resulted in the identification of 93 breaches by three individuals.
Those were all cases of unauthorized accessing of information, Stevenson said.
The earliest unauthorized access of information found dated back to 2006. Stevenson didn't know which investigation turned up that particular breach.
He said he doesn't know whether there was any connection among the patients whose files were being accessed, or whether there was any particular reason. But, he said, “nothing has been identified that would indicate that any information was shared. It was just accessed inappropriately.”
Stevenson wouldn't say what action is being taken against the individuals involved, but said that privacy breaches can result in penalties as severe as firing.
“We do take this very seriously, and violation of privacy or confidentiality is significant for us as an organization,” he said.
The authority says that while staff and physicians require varying degrees of access to information, it takes steps to ensure employees know what is considered appropriate access, and that staff know their obligations to keep patient information confidential, monitor access and report inappropriate activity.
All new staff must sign pledges of confidentiality and partake in privacy orientation. A new online privacy and confidentiality training session was started this summer, and all staff will have to complete it. Existing staff will also sign a pledge of confidentiality if they had not previously done so.
Stevenson said he doesn't know whether the six people involved in the breaches had previously signed the pledges.