TORONTO – Ontario’s privacy commissioner says Rouge Valley hospital in Toronto failed to put reasonable safeguards in place to protect patients’ privacy after the sale of the personal information of up to 14,000 new mothers.
And acting commissioner Brian Beamish says he wants to send a “strong message” to staff at all Ontario hospitals that such privacy breaches will be prosecuted.
The commissioner’s office investigated allegations that hospital clerical staff sold information about new mothers to companies marketing registered education savings plans.
Beamish ordered Rouge Valley Health System to take steps to ensure it can track all instances where staff access patients’ personal health information, and do random audits on all users’ activities on all its electronic systems.
He also ordered the hospital to revise its privacy polices and give staff training in privacy issues.
Beamish says more needs to be done to address what appears to be a growing problem with privacy breaches in Ontario hospitals, so he wants the Ministry of Health and the attorney general to develop a procedure to prosecute offenders.
Comments