Investigation Report – PHIA – Unauthorized Collection, Use, Disclosure and Security of Information – Health Plus Medical Centre
investigations & monitoring
health facility, body or trustee
Summary
Our office received a complaint that an employee of the Health Plus Medical Centre, a trustee under PHIA, accessed personal health information without authorization.
Our investigation confirmed the employee created falsified medical records of the complainant for the purpose of being able to access linked records in another system. Evidence showed the employee repeatedly accessed the complainant’s personal health information. During subsequent court proceedings, the employee also admitted to disclosing some of the information to a third party. We found the collection, use and disclosure of the complainant’s personal health information was not authorized and supported the complaint.
The trustee took several steps to implement physical, technical and administrative safeguards to address the breach and reduce the possibility of a similar occurrence.
Our office also initiated a prosecution of the employee under The Personal Health Information Act. The employee pleaded guilty to unauthorized use of the complainant’s personal health information.
Case MO-00303