Hospital employee snooped in 98 patient records privacy commissioner finds SwiftCurrentOnlinecom Local news Weather Sports Free Classifieds and Job Listings

pSaskatchewan Information and Privacy Commissioner Grace Hession David found that a privacy breach involving an employee at the Dr FH Wigmore Regional Hospital did take place ppThe decision found that a unit clerk in the emergency department inappropriately accessed their own health records as well as the records of 98 other people a total of 102 times between July 2024 and June 2025 ppThe commissioner said that in at least two instances the employee shared what they had learned from those records with others including telling a coworker about private health information and texting a family member about another relative being admitted to hospital ppThe Saskatchewan Health Authority became aware of the breach when the employee approached a coworker and asked about information related to a recent hospital stay that had been kept strictly private ppThe conversation was reported to a manager who believed a privacy breach had occurred ppUnder Saskatchewan law healthcare workers may only look at patient information if they need it to do their job Curiosity concern or personal interest is not permitted including accessing ones own record ppThe commissioner found the employee was snooping and had no legal authority to view their own health information in the system access the information of 98 other people discuss a coworkers private medical information or share patient information with family members ppIn response the Saskatchewan Health Authority investigated the complaint conducted a detailed audit and suspended and then fired the employee ppThe authority also notified all affected individuals in writing reported the breach to the privacy commissioner and added stronger privacy training and confidentiality agreements ppThe commissioner noted that the authority did not suspend the employees access quickly enough allowed access for longer than necessary after warning signs appeared and did not have a proactive audit system that might have detected the snooping earlier ppThe commissioner found the employee knowingly and deliberately violated the law despite completing multiple privacy training sessions signing confidentiality pledges and knowing there were clear rules restricting record access without a need to know ppIn submissions to the commissioner the employee admitted they knew accessing the records was wrong ppI was totally in the wrong for checking my coworkers record but I did it out of compassion as I genuinely care about my coworkers the employee wrote to the privacy commissioner ppThe employee admitted they were a fool and should have kept my mouth shut and said they did not mean to upset their coworker and apologized for their actions ppThe commissioner decided not to refer the case to the Attorney General to pursue charges citing the employees termination the lack of formal complaints from affected individuals limited harm and the cost of prosecution relative to the public interest ppTwo recommendations were issued by the commissioner David recommended the authority immediately suspend access to records when there are signs of inappropriate record viewing and introduce proactive monitoring and auditing of electronic health records to detect snooping earlier ppYou can read the whole report from the Privacy Commissioner here p