Privacy breach at Hamilton Health Sciences

Hamilton Health Sciences has completed an investigation in to a privacy breach involving eight employees who inappropriately accessed the personal health information of approximately 4,000 patients.

There is no evidence that patients’ health information was printed, downloaded, or electronically shared with anyone. We have concluded that these were snooping cases. HHS deems these actions unacceptable and has terminated all eight employees involved.

HHS has issued a letter to the affected patients, and notified the Information and Privacy Commissioner of Ontario (IPC), and the former employees’ regulatory colleges, where applicable.

HHS sincerely apologizes to all those affected. Patients who receive a letter can also call the hospital at 905-521-2100 ext. 77488.

The hospital has a number of policies, systems, and processes in place to prevent privacy breaches. This includes:

• privacy training for all staff, physicians and learners during their onboarding and annual refresher training;
• routine, random audits of access to patient information; and,
• ongoing review of our hospital systems and information-sharing practices to ensure patient privacy is being upheld to the greatest extent possible.

Staff, physicians and learners at HHS are expected to adhere to these policies, the requirements of their regulatory colleges, and provincial privacy legislation.

“We want to sincerely apologize to everyone who is affected by the breach,” says Aaron Levo, vice president, People, Culture and Communications. “This incident is not consistent with HHS’ values or those of our staff and physicians at large. Every patient has a right to privacy and everyone at HHS is trained and educated to safeguard this right. As a continuous improvement organization, HHS consistently looks for ways to improve its practices to further minimize the risk of privacy breaches. The same is expected of every person who works and learns here.”