A breach of patient information in May should be a wake-up call to improve privacy within the Department of Health and Social Services, said the NWT's privacy commissioner.
“I've been doing this job for a while and have always commented on a lack of encryption with the department's computers,” said Elaine Keenan Bengts, the territory's information and privacy commissioner. “(The department) has always been of the mindset that 'it's not going to happen to us.'”
More than 33,000 patient information files were compromised in May, after an employee working in Ottawa lost an unencrypted laptop to theft from a vehicle on May 9. The laptop has not been found. The breach triggered an investigation into other laptops in the GNWT. The department's investigation, concluded on June 18, found multiple laptops were not password-protected. Bruce Cooper, deputy minister of Health and Social Services, said that problem has been fixed.
Bengts will be the lead investigator into the stolen Health and Social Services' laptop. She intends to take the seven-month probe very seriously, she said.
The department maintains the employee responsible for the laptop followed all necessary precautions and the stolen property was not a result of negligence.
The employee in question still works for the department, spokesperson for the department, Damien Healy, confirmed to Yellowknifer
“It's important to note the (department's) investigation concluded the custodian had met the expectation regarding protection of this device,” stated Healy. “Please note that this was the result of a theft and not as a result of an act of commission or omission.”
In 2015, after Health and Social Services introduced the Health Information Act (HIA), the department increased its training protocols. So far, 30 to 50 per cent of employees have undergone new training.
Keenan Bengts said despite the HIA training, the department was still “nowhere near ready” to handle this type of situation.
“I don't know how much is getting done in the department,” she said. “For them it's a matter of priorities and right now it seems like providing good health care is more important than (privacy).”
Keenan Bengts added 30-50 per cent of employees receiving is not sufficient.
This is not the first time the GNWT has failed to keep medical files private. In 2014, a doctor at Stanton Territorial Hospital lost a USB drive containing 4,000 patient information files. As well, in 2016, the Beaufort Data Health and Social Services Authority confirmed 67 patients had been notified their information was compromised.
The initial findings of the independent investigation into the most recent missing patient information files are expected to be available to the public sometime in the fall, said Keenan Bengts.
She added that, in this case, the investigation can't “put the genie back in the bottle.”