Former Manitoba Health employee snooped on records of family, senior public officials: ombudsman

The province'sombudsman says Manitoba Health didn't do enough to mitigate the risks of a privacy breach.

That was Charlene Paquin's finding in a report detailing the investigation ofan employee who accessed the medical records of his estranged daughter, colleagues and some senior public officials.

Theombudsman's report, released Tuesday,included 11 recommendations, including hiring a chief privacy officer for the departmentand conducting a comprehensive review of how Manitoba Health manages its privacy obligations to Manitobans.

• Ex-cop fined $7,500 for accessing daughter's health records
• Former Winnipeg police officer found guilty of snooping into relatives' health records

The investigation started in 2014 when the employee, a former city policeofficer, learned from his ex-wife that his daughterhad been hospitalized for psychiatric reasons and thenaccessed his daughter's private health records.

CBC is not naming the offender to protect the identity of his daughter.

The investigation also found the man accessed personal health information of other family members, professional contacts, acquaintances, other departmental employees and a small number of senior public officials.

Accessed computer after resignation

"Several individuals who complained to our office reported suffering psychological harm and anxiety as a result of the employee's invasion of their privacy. Some individuals also reported fear for their safety stemming from past experiences in their relationships with the employee," the ombudsman's report said.

An investigation also found that while the department was moving toward firingthe employee, he turned in his resignation, which was effective immediately. But a few days later he was able to get back into the building where he worked and log into his computer. A forensic examination found that he deleted files from his account.

He was charged in April 2016 with one criminal charge under the Personal Health Information Act. Hewas found guilty and fined $7,500 earlier this year.

The final report and recommendations were held until the court proceedings were over.

"Organizations that hold personal health information must have policies, procedures and safeguards in place to ensure that this information is only accessed by employees who have a legitimate work-related purpose for doing so," said Paquin in a news release on Tuesday.

"Employees need to know that snooping into the personal health information of others is a very serious matter."

• Former police officer charged with health snooping in Winnipeg
• Province investigating former employee accused of snooping into health records

The ombudsman's investigation reviewed the unauthorized access to information and what the response was, looking at how Manitoba Health prevents, detects and ultimately reacts to such breaches.

Manitoba Health didn't respond in a timely way to address or stop privacy breaches in some instances, the report says.

Its recommendations also include reviewing Manitoba Health's policies and procedures and developing a regular audit process to see who is accessing records and why.

Paquin said Manitoba Health accepted all of the report's recommendations and has already made changes, or committed to making them. She added the department made changes after the 2014 breach was discovered.