BreachExchange mailing list archives
Hospital apologizes for data breach
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Tue, 28 May 2013 12:07:27 -0500
http://www.chroniclejournal.com/content/news/local/2013/05/28/hospital-apologizes-data-breach

Thunder Bay Regional Health Sciences Centre has confirmed a privacy breach involving diagnostic images, but is providing few details as to who was involved.

Hospital CEO Andree Robichaud and chief of staff Dr. Gordon Porter said Monday that the MRI scans of about 500 people were shared with a physician outside the hospital who did not have hospital privileges.

“We take the privacy of our patients seriously and we deeply apologize for what happened,” Porter said during a news conference. “My job is to ensure the quality and safety of all patients that come to this hospital, so I take this very seriously,” he said. He said this is the first time in the hospital’s history that there has been a privacy breach.

Robichaud said a physician who has privileges in the hospital had been sharing MRI diagnostic images with an unauthorized physician outside the hospital. The images were done between July 2012 and April this year. The information included the patient’s name, date of birth, sex and interpretation of the images.

“The privacy breach was discovered in early April and it took multiple gymnastics from an IT perspective to be able to come up with a list and determine to what extent and when it began,” Robichaud said. “There is no information to suggest that personal information was shared with anyone beyond this other individual.”

Porter said it is not unusual for physicians to share information for the purpose of providing health care, but there are regulations that protect patient confidentiality.

Robichaud said the Office of the Information and Privacy Commission of Ontario is investigating. The names of the physicians were not divulged, but Porter said they have spoken to the physician at the hospital. He could not say if anyone would be fired over the incident.
Robichaud said the “appropriate actions have been taken.”

Porter said all hospitals have bylaws that govern professional staff regarding quality and safety. These are dealt with through the medical advisory committee.

“Each physician who has credentials to work here signs a confidentiality agreement with our organization and with each appointment process,” he said. “Every patient has the right to confidentiality. We are extremely disappointed by this breach.”

He said no one will have to have their imaging repeated. Anyone impacted will receive a letter in the coming days that includes clinical information and contact numbers.