N.W.T.'s medical record system under the microscope after 2 reported cases of snooping


Recent reports of privacy breaches involving medical records — including a case in which two health-care workers viewed the records of a woman one of them had been in a relationship with — illustrate vulnerabilities in the Northwest Territories Health and Social Services Authority's electronic medical record system.

The Northwest Territories Information and Privacy Commissioner issues reports on cases in which an investigation yields evidence of intentional and unauthorized access to private health information, commonly known as "snooping."

This year, Commissioner Andrew Fox publicly reported two distinct cases of snooping in electronic medical records. They both involved employees of the Northwest Territories Health and Social Services Authority (NTHSSA).

An electronic medical record (EMR) is a digital version of a patient's medical history. It can include things like test results, X-rays and prescriptions.

These records are among the most sensitive pieces of information that a government agency keeps on citizens, and yet, according to at least one expert, the territory's electronic medical record system doesn't appear to meet the highest ethical standards for patient privacy.

One case published this year involved two NTHSSA employees who, on multiple occasions, snooped in the medical records of a patient who wasn't in their care. The employees were siblings and the patient had previously been in a relationship with one of them.

It wasn't until the patient filed a "record of activity" request in July of 2023 — a report on who had looked at her EMR — that she learned of the breach.

"I was disgusted. I felt incredibly violated," said Maryse Gravelle, the patient who had her medical records snooped.

Another case published online this year by the privacy commissioner involved an incident in 2021 of an administrative clerk with NTHSSA who deliberately opened a person's EMR and relayed some of their private health information to another person. The clerk did this "without consent and without lawful authority," wrote Fox.

The clerk admitted to wrongdoing during an NTHSSA investigation, and was fired some months later.

Fox called this a "particularly egregious, intentional privacy breach." He said the health authority's response was appropriate, but that the agency should have revoked the employee's EMR access as soon as it confirmed the breach.

The health authority uses "role-based access" to the EMR system, meaning an employee's access is limited to what is necessary for their role.

Fox noted that on occasions when the clerk was assigned to different roles, the NTHSSA didn't restrict her EMR access in accordance with those roles.

'Deliberate and serious breach of trust'

Gravelle told CBC she thinks health records should have more safeguards.

"Our financial institutions have software in place to identify when there's a fraudulent charge possibly being made on our accounts," she said. "How can a banking institution have those sorts of safeguards in place, but there's no alerts on hospital software, on emergency medical records, to alert when there's a suspicious activity in somebody's chart?"

Maryse Gravelle's medical records were snooped by two employees of the Northwest Territories Health and Social Services Authority. The N.W.T. privacy commissioner issued a report on her case in January. (Allister Mccreadie/CBC)

In his report on Gravelle's case, the privacy commissioner said the siblings' jobs granted them "broad access" to the EMR system. Their motivation for opening the patient's records seems to have been "curiosity proceeding from a personal relationship."

Fox called the privacy breach a "deliberate and serious breach of trust," and said it caused the patient "significant distress."

Both siblings admitted to misconduct, were suspended without pay for 10 days and had their EMR access revoked for at least 18 months.

The health authority is required by law to notify a patient about a breach of their medical records "as soon as reasonably possible."

In a statement, NTHSSA CEO Kim Riles said the health authority must investigate all reports of privacy breaches, and upon completion of an investigation, notify the affected people.

"At times, the investigation process can take a significant amount of time," wrote Riles. She added the NTHSSA is reviewing its practices and "has committed to ensuring the notification occurs as soon as a privacy breach is confirmed, regardless of whether a full investigation has been completed."

She said the agency accepted the privacy commissioner's recommendations and continues to improve and update mandatory training.

Auditing EMRs 'a real challenge'

Livia Kurinska-Hrdlickova is the territory's chief health privacy officer. She said regular audits check for suspicious activity in the EMR system, which if found, is flagged to the health authority.

But Fox told CBC that auditing EMRs for instances of unauthorized access is "a real challenge."

"If you looked at any random sample of employees looking at health records, there's really nothing that you could infer from the fact that a laboratory assistant looked at someone's medical record," he said. "You couldn't tell whether that was authorized or not."

Neither of the two snooping cases Fox published this year were flagged by a regular audit.

The territory's chief health privacy officer said regular audits check for suspicious activity in the EMR system, which if found, is flagged to the health authority. However, neither of the two snooping cases published this year were flagged by a regular audit. (Samuel Martin/CBC)

Kurinska-Hrdlickova explained that an employee with role-based access to the EMR system has gone through mandatory privacy training, and taken an oath of confidentiality. They need a patient's first and last name, and their date of birth or health-care number, to open their medical record.

The system also relies on trust that employees with access will only use the EMR system when it's required for their work on a specific case.

"Any system across Canada is not perfect," said Kurinska-Hrdlickova. "You never go to a zero risk, right? Because that's impossible."

EMR system not structured 'according to ethics': expert

As Fox noted, the NTHSSA extended trust to the employees with EMR access, and the employees breached that trust.

Eike Kluge, a University of Victoria biomedical ethics professor, said in the case of the siblings, the EMR system shouldn't have allowed them to open Gravelle's record in the first place.

"There should be a challenge. Justify who you are and what right you have to access that record," he said.

It's unclear what kind of challenges like that, if any, are built into the system right now. CBC requested more details about this from NTHSSA but didn't get a response before deadline.

Kluge said the system shouldn't just flag improper access, it should prevent it.

If the system isn't blocking improper access, "it's not properly structured," he said. "Certainly not according to ethics."

Kurinska-Hrdlickova disagreed with Kluge's assertion and said the territory's EMR system complies with territorial privacy legislation.

She also said the territory's EMR system is set to be replaced in the near future, and that the new system will have even stronger privacy protections.

There isn't readily available information on the prevalence of medical record snooping in the N.W.T. or in Canada.

Any resident who's concerned about the privacy of their health information can file an access to health information request online.
