In a statement released Monday, Karen Waymouth, chief information and privacy officer at Bluewater Health, said the hospital will be reporting the breach to the Information & Privacy Commission.
“We take our responsibility to protect the privacy of our patients’ personal health information very seriously,” said Waymouth. “As a reminder and learning opportunity we will continue to monitor and make improvements in this area. We will continue to perform random access audits and will escalate privacy education and awareness for all staff, physicians, students and volunteers.”
The statement said non-clinical staff with secure and password-protected access but who were not in the "circle of care" had accessed patient information without authorization.
Waymouth said the hospital conducted a thorough investigation and has taken follow-up actions in keeping with its privacy protocols and processes.
The media release said privacy and confidentiality is included in mandatory orientation sessions at Bluewater Health and employees, physicians, volunteers and students are required to sign a pledge of confidentiality. Strict enforcement of confidentiality is upheld by hospital policy and by law.