HHS fires 8 employees who breached 4,000 patient’s records

Hamilton Health Sciences says it has fired eight employees who “inappropriately accessed” the personal health information of approximately 4,000 patients.

In a statement released Monday, the hospital system says internal investigators found no evidence of patient’s health information being printed, downloaded, or electronically shared with anyone.

“We want to sincerely apologize to everyone who is affected by the breach,” said Aaron Levo, HHS vice president of people, culture, and communications.

“This incident is not consistent with HHS’ values or those of our staff and physicians at large. Every patient has a right to privacy and everyone at HHS is trained and educated to safeguard this right.”

READ MORE: Over 2000 privacy breaches at St. Joseph’s Healthcare Hamilton since 2018

HHS issued a letter to the affected patients, and notified the Information and Privacy Commissioner of Ontario and the former employees’ regulatory colleges, where applicable.

The hospital network says patients who receive a letter can also call the hospital at 905-521-2100 ext. 77488.

The hospital network says it has a number of policies in place to prevent privacy breaches, including privacy training for all staff, random audits of access to patient information, and ongoing reviews of its hospital systems and information-sharing practices.

READ MORE: St. Joseph’s urged to nix fax machines amid privacy breaches: IPC 

Larry Sztogryn told CHCH on Tuesday that the medical information of another patient showed up on his medical charts after they both received the same procedure at Hamilton General Hospital earlier this month.

“Everything got done fine because I live a little over an hour or so away, I travelled back home and found that I had a message in my inbox.”

The message notified him that there was a test report about his procedure in his “my-chart” which is an online tool where patients can view their hospital health information.

“I opened it, and I looked at it, and I saw someone else’s name, and when I scanned the document over, checking everything, I found that it wasn’t my report,” Sztogryn said.

Sztogryn said he is not satisfied with how the hospital system handled the situation and is concerned that his own information may be at risk of ending up in someone else’s hands as well.

Sztogryn immediately contacted the patient whose information he had, to let them know what happened. Then contacted Hamilton Health Science’s privacy office.

Sztogryn says that his information was not given to the man whose information he received. Hamilton Health Sciences also confirmed with Sztogryn that his information was not included on any other patient’s charts.

Sztogryn says his concerns grew when he heard about another – separate – privacy breach
at Hamilton Health Sciences.

Hamilton Health Sciences referred to that privacy breach as “snooping”.

The former Privacy Commissioner of Ontario, Ann Cavoukian says, “It’s appalling, it is so appalling.”

“Obviously this is a clear violation of the Personal Health Information Act that is in place in Ontario and they know that this is the most sensitive data, medical data, health-related data, it can reveal so much about you. It requires the strongest protection possible.” Cavoukian says.

We asked Hamilton Health Sciences about Sztogryn’s case, specifically how someone else’s information showed up in his medical charts but they said they couldn’t answer due to ‘patient privacy.’

Ontario’s current Privacy Commissioner told CHCH News so far there has been 13 privacy breaches have been reported by hospitals in Hamilton, 5 of them related to snooping.