Alberta's privacy commissioner is investigating another security breach involving personal patient information, this time stolen from a pediatrician's office, CBC News has learned.
The doctor at the Glenrose Rehabilitation Hospital had the medical information of 270 children stored on a computer memory stick. She put the tiny device in her purse and locked it in her office drawer, but the purse was stolen on Aug. 16.
"The records we were concerned with were personal health number, name, date of service at Glenrose and diagnosis," confirmed Steve Buick, spokesman for Capital Health. "Not enough clinical detail, but enough that a parent might naturally be concerned."
'It is unbelievable that after a number of high-profile incidents in the past, organizations are not getting it.'—Frank Work, Alberta's privacy commissioner
The news comes one day after the Edmonton Catholic School District revealed a memory stick containing the names, addresses and phone numbers of 560 students had been stolen from a bus carrier employee.
"I was shocked. That kind of stuff that should be locked up shouldn't be going into people's purses," said Rick Klein, whose son was treated at the Glenrose hospital about five years ago. "Who knows who has the information now?"
Even though the theft happened in August, Klein said he was only told about it a month ago.
"It is unbelievable that after a number of high-profile incidents in the past, organizations are not getting it," said Frank Work, Alberta's privacy commissioner.
Work released the results of an investigation Tuesday, ordering Capital Health to tighten security after four laptop computers — one containing patients' personal data — were stolen from an office in May. Letters were sent to 20,000 patients three months after the theft occurred.
Commissioner orders encryption of data
Work's office found that Capital Health contravened the Health Information Act by not maintaining adequate safeguards to protect patient information.
He ordered the health region to encrypt all personal information on portable devices and to review its process of notifying people about privacy breaches.
"It doesn't matter if the mobile device is password protected, or even double password protected, there must be another layer of protection and that layer is encryption," he said.
Encryption converts data into code, allowing only authorized parties to read it.
Related
Internal Links
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
MORE EDMONTON HEADLINES »
- Edmonton senior beaten to death in 'despicable' robbery
- An autopsy has determined that an elderly Edmonton man was beaten to death in what police are calling a cowardly attack.
- Body found in dumpster not victim of foul play
- The man whose body was found in a burning dumpster lit the fire to keep himself warm, Edmonton police said Friday.
- Number of homeless teenage immigrants surging in Edmonton
- More immigrant teenagers are homeless in Edmonton, hit by the city's skyrocketing rents while also struggling to work part-time jobs, learn English and recover from war-related stress, say social agencies.
- RCMP apologizes to ex-Mountie for wrongful arrest
- The RCMP formally apologized Friday for the wrongful arrest and prosecution of John Hudak, a former Alberta RCMP officer, in a sexual assault case.
- 25,000 abused women, kids turned away from Alberta shelters
- The Alberta government insists it's not ignoring the plight of abused women and children, after a report showed record numbers were turned away from shelters last year due to inadequate funding.
Canada Features
Blog Watch
Most Blogged about CBC.ca Articles