REGINA – Saskatchewan’s acting privacy commissioner says her office spent the last year dealing with numerous complaints about employee snooping and misdirected health faxes.
Diane Aldridge says in the commissioner’s annual report that many organizations aren’t getting the message about protecting privacy.
“This is notwithstanding the efforts of many different players, including regulatory bodies, (government) ministries … and this office, to raise awareness as to what it takes to be compliant with access and privacy legislation,” Aldridge wrote in the report released Friday.
One of the snooping cases involved a physical therapist who looked at the ultrasounds, X-rays and CT scans of 99 people who were not her patients.
The report says what was of further concern was that some of the confidentiality breaches happened even after the woman was told accessing the files was wrong.
Another snooping case involved a Ministry of Highways worker who had what was described as “an incident” with another driver while the employee was heading to work in his own vehicle.
Former privacy commissioner Gary Dickson said in December that the highway worker “apparently wanted to know why the driver was upset,” so the worker looked up the motorist’s personal information on the Saskatchewan Government Insurance database and contacted the driver, who complained to SGI and the RCMP.
Aldridge also said many organizations haven’t fully addressed privacy fundamentals in the digital age.
“Comprehensive privacy management programs are still lacking, faxes need cover sheets, contracts and agreements need to address access and privacy considerations and electronic systems need audit functionality.”
The annual reports points to investigation results released earlier this year into systemic privacy breaches in the health system.
The investigation found that the detailed hormone therapy information of a transgender person was faxed to a school. The finding was one example of situations where health authorities or doctors faxed personal health information to wrong numbers. Dickson called it an antiquated way to share information.
Public bodies and trustees such as health professionals need to learn from the experience of others and make improvements to comply with privacy laws, Aldridge said.
“Solutions do exist and the good news is that we do not have to ‘reinvent the wheel.'”