Grace Hospital Data Breach (2015)

A proactive audit by the Winnipeg Regional Health Authority (WRHA) has identified the personal health information of at least 56 individuals was inappropriately accessed by an employee who at the time was working within the Region. Following an investigation of the audit results by WRHA privacy staff, it was determined a pharmacist located at the Grace Hospital had a history of accessing and reviewing health records of patients to whom this individual was not providing care. As a result, the employee is no longer working with the WRHA. "Accessing, reviewing, or browsing through patient records out of curiosity is not permitted," said Mr. Real Cloutier, Vice-President and Chief Operating Officer of the WRHA. "We take patient privacy and our role in safeguarding personal health information very seriously, and we appreciate how upsetting this can be for patients. I am reassured, however, that the security and auditing procedures we have in place successfully identified this unauthorized activity so it could be stopped." The patients identified as having their personal health information inappropriately accessed have been notified. The Manitoba Ombudsman has also been notified of the privacy breach as has the respective professional body responsible for licensure. The system used to access patient information in this case was eChart Manitoba. EChart is a secure electronic system that allows authorized health care providers access to patients' health information when it is required by doctors, nurses, radiologists, and other staff to provide care to patients. Accessing and reviewing a patient's information is only permitted by health care providers when they require that information in order to deliver care to that patient. The eChart system maintains a record of all user activity allowing for routine, as well as focused, audits to ensure patient information is not being inappropriately accessed.