Island Health has reiterated its commitment to patient privacy in the wake of the second breach in a month.

UPDATED: Island Health CEO pledges to do better after another snooping staffer fired

Health authority says confidential information about 34 Vancouver Island residents improperly accessed

Island Health is looking for new ways to increase the security of its data base after firing staff for the second time in less than a month for breaching patient privacy.

The Island’s health authority revealed July 8 that a support staff employee working in the Victoria area was let go after browsing the confidential records of nearly three-dozen Vancouver Island residents.

Coming in the wake of the largest breach in the organization’s history in June, Island Health CEO Brendan Carr issued a public apology and a pledge to do better.

“This is a very serious issue for us,” he said, calling the situation a gross breach of patient and public trust. “We have to do better and there are things we can do.”

Access to patient records is designed to be available only to those workers who need it in order to do their jobs. Carr said the sanctity of patient privacy is drilled into all such employees before he or she is given a password to access the system.

Once in the system, the employees must register and specify their relationship to the patient before opening any individual’s file. The recent violators were able to access restricted files by lying about relationships.

“It isn’t failsafe. Somebody can misrepresent themself,” Carr said. “We rely on professionalism and honesty.”

That said, once the false information is entered, it remains in the system and is subject to review.

An auditing program tracks who has accessed what and flags any potentially unusual interactions for further investigation. It was this process that flagged the latest violator, who was let go after an investigation tracking back to January of 2015 found 34 instances of records improperly accessed.

Carr said the health authority is looking at adding more triggers to the flagging process, things like people checking through records of people with the same last names, or accessing the system at certain times.

The individual responsible for the latest breach had been an employee for about 15 years, and was not a nurse nor a member of the medical staff. Island Health is in the process of informing those residents whose records were accessed about what happened.

In the previous incident, revealed on June 14, two other support staff workers were caught under similar circumstances after snooping into the records of 198 people, including family friends, co-workers and celebrities. It followed the revelation in the spring of 2015 of a central Island staffer who looked through the records of 39 people, and a fall 2014 revelation that two nurses accessed the personal info of another 112 individuals. The violators in all these instances were fired.

“There doesn’t appear to be any real motivation other than curiosity,” Carr said.

Given staff knowledge that a deliberate privacy breach of this nature will likely lead to a firing, and the ease of being caught, the CEO is surprised that anyone would take the risk. More troubling for him, however, is the breach of patient trust.

“I honestly can’t understand it. This is fundamental to who we are as an organization. People have to be able to trust us.”

At the same time, he points out that Island Health has about 19,000 employees and processes about 4,500 patients a day. While the recent instances are significant, he does not believe snooping is endemic.

Carr said patients deserve better.

“Our employees know it’s wrong to look at the private health information of patients when they have no legitimate reason to do so,” he said. “It saddens and disappoints me that the actions of a very, very small minority of our 19,000 staff violate the values and high ethical standards we all work towards.

For more information on Island Health privacy policies, click here.

Follow me on Twitter @JohnMcKinleyBP