Manitoba Health, Seniors and Active Living advises an internal investigation has revealed a former employee inappropriately accessed the personal health information of 197 people including names, addresses and dates of birth.
The former employee did not have access to personal health information in provincial databases that would include physician visits, diagnoses, medical billings, prescription drug records or hospitalizations.
Not all department employees have access to personal health information. Under the Personal Health Information Act (PHIA) and the department’s PHIA policies and procedures, employees are only authorized to access information if it is necessary to carry out their defined responsibilities and work requirements.
While the potential for further misuse of the information is low, the department takes the privacy and confidentiality of personal health information very seriously and is directly contacting affected individuals. If other individuals are identified, they will be notified.
The department apologizes for this incident and is continuing to provide ongoing training to staff to ensure they are aware of their responsibilities to maintain the privacy of personal health information.
The Personal Health Information Act was enacted in 1997 to ensure an individual’s access to their personal health information and the privacy of personal health information maintained by health-care providers and facilities, government and other public bodies.
The legislation makes it an offence for an employee or a trustee to use, gain access to or attempt to gain access to another person’s personal health information.
