Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Prince Edward Island: OIPC issues breach decisions on employees' use of health data
The Office of the Information and Privacy Commissioner for Prince Edward Island ('OIPC') issued, on 12 July 2018 and 3 July 2018, two breach investigation reports following notifications by Health PEI of incidents involving employees' inappropriate use of health data in contravention of the Health Information Act 2014. With regard to the first investigation, the OIPC noted that a number of Health PEI's employees had disclosed personal health information through a closed Facebook group created and managed for the purpose of work related communication. In particular, the OIPC found that Health PEI had taken reasonable steps to remediate the unauthorised disclosure, contain the breach and conduct an adequate investigation.
In relation to the second investigation, the OIPC outlined that one of Health PEI's employees had inappropriately accessed the personal health information of three individuals. In particular, the OIPC found that Health PEI had taken reasonable steps to remediate the unauthorised access, contain the breach and conduct an adequate investigation. The OIPC recommended that Health PEI remind their employees that electronic medical records should not to be accessed for purposes not related to their employment duties.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
