More than 11,000 patients at the Brampton Civic Hospital have received letters from their health-care provider, providing notice that a hospital employee inappropriately used their personal information to access medication over a number of years.

According to one patient’s letter, obtained by the Star, “an employee selected your name and patient identification number on the computer screen of an electronic device that is used to dispense medication.”

It also states that, after an internal investigation, the employee no longer works at the hospital, and has been charged by Peel Regional Police.

The letter, dated Aug. 2, was sent by Ann Ford, the chief privacy officer at William Osler Health System — a hospital system that serves 1.3 million residents of Brampton, Etobicoke, and surrounding communities.

Ford writes that the medical records of patients that were affected have been corrected for accuracy. “Your chart showed that this medication was dispensed for you and administered to you, but there is no record in the chart that shows that the physician ordered it,” states the letter.

“We do not know what the employee did with the medication,” writes Ford. In the letter, no information is conveyed about who the employee was, what medications they took, when they were caught, when charges were laid by police, or how long the investigation was.

In an email statement to the star, William Osler said that “as of August 2, 2017 Osler had notified all 11,358 patients affected over a number of years and concluded its internal investigation into an isolated incident of a former hospital employee who stole medication for non-hospital use.”

According to the statement, William Osler has now put in place “more frequent, proactive audits of our medical dispensing system, as well as placing stronger controls on individuals’ access.”

The letter sent to patients also conveyed that the hospital had implemented more protective controls including launching an internal investigation, informing Peel Police, collaborating with the Information and Privacy Commissioner of Ontario, and creating preventative strategies for the hospital’s pharmacy.

The Information and Privacy Commissioner (IPC) of Ontario was notified of this privacy breach on April 21, and is presently investigating the matter. “No other case like this has been reported to our office before,” said the Privacy Commissioner’s Office in an email.

There have been 271 reported privacy breaches in 2017, involving thousands of patient records. Of the 271, 43 were snooping incidents, and thus far, only 5 such cases have been prosecuted under Ontario’s health privacy laws

In the email to the Star, the IPC said it is committed to ensuring “that the personal health information of individuals remains secure and protected at all times.”

Fatima Syed can be reached at fsyed@thestar.ca

Loading... Loading... Loading... Loading... Loading... Loading...

Read more about: