A former supervisor of health information management with Alberta Health Services was slapped with a $5,000 fine on Tuesday after being convicted of 13 counts of accessing health information in contravention of the Health Information Act.
According to the Office of the Information and Privacy Commissioner (OIPC), AHS was notified of a potential “contravention of internal policy” at the Tofield Health Centre in June 2013. The privacy commissioner’s office said an AHS audit revealed Amanda Tripp had “visited with her boyfriend” in the facility’s health records room. In August 2013, AHS self-reported a privacy breach, alleging Tripp “inappropriately accessed patient records.”
The OIPC said it also received a pair of complaints from people affected by the incidents.
The OIPC’s investigation found Tripp “improperly” accessed the health information of 14 people, 25 different times through Alberta Netcare, the province’s electronic health record.
Tripp’s job with AHS at the time required her to respond to access to information requests from people and to respond to RCMP requests for health information about a patient.
The OIPC said Tripp had completed a course on information privacy and IT security awareness.
After the OIPC referred its findings to Crown prosecutors, charges were laid against Tripp in April 2015. She eventually pleaded guilty to 13 unauthorized accesses.