Staff at Nunavut hospital need more training to ensure patients' privacy protected - Action News
Home WebMail Tuesday, November 19, 2024, 10:03 PM | Calgary | -8.6°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
North

Staff at Nunavut hospital need more training to ensure patients' privacy protected

A new privacy audit at Nunavut's only hospital revealed that no one is in charge of ensuring staff follow privacy regulations, there's no standard system to track who is accessing patient files and those files are sometimes left unattended.

Audit finds 'stacks of patient files on unattended desks,' lack of controls on accessing electronic records

A nursing station at Iqaluit's Qikiqtani General Hospital. A new privacy audit at the territory's only hospital revealed that no one is in charge of ensuring staff follow privacy regulations, there's no standard system to track who is accessing patient files and piles of patient charts are sometimes left unattended. (CBC)

A lack of leadership at the Qikiqtani General Hospital may be putting patients' personal information at risk, says Nunavut'sInformation and Privacy Commissioner.

A new privacy audit at the territory's only hospital revealed that no one is in charge of ensuring staff follow privacy regulations, there's no standard system to track who is accessing patient files and piles of patient charts are sometimes left unattended.

"What is required is a strong privacy culture within the [QikiqtaniGeneral Hospital]now," reads a final report on the audit, tabled on the last day of the Nunavut Legislative Assembly's fall sitting.

"Our audit revealed a somewhat confusing array of different 'privacy' policies and instruments not well understood by all staff."

Elaine Keenan Bengts, who acts as the privacy commissioner for both Nunavut and the Northwest Territories, says health-care workers at the hospital were "engaged and interested and wanted to do the right thing."

But, without appropriate guidance and training, that may be difficult.

Employees need leadership

The report made 31recommendations, ranging from creating a policy to deal with faxing information, to immediatelyterminating access to electronic health records when employees are terminated, to turning the hospital into a arms-lengthpublic agencylike the Nunavut Housing Corporation.

One of the "major recommendations," saidKeenan Bengts, is creating a privacy officer position thatwould be responsible for developing policies and procedures and overseeing training.

"There needs to be some leadership," she said."That one's an easy fix. You should be able to do that fairly quickly."

According to the report, the Department of Health has already laid the groundwork for the position, developing a job description.

But the job was never created and staffed.

High turnover adds to issues

With a staff of 150 people and general "confusion over what is required by employees" Keenan Bengts argues that the hospital needs the "hands-on day-to-day leadership" a privacy officer would provide.

The report from Nunavut's information and privacy commissioner Elaine Keenan Bengts made 31 recommendations on how to improve protection of patients' privacy at Qikiqtani General Hospital. (Jane Sponagle/CBC)

"Most of them didn't have the tools they needed and didn't have the support they needed," she said.

Keenan Bengts adds that there is no reason why the privacy officer couldn't fulfilthat role for employees at the territory's two regional facilities and 24 local health centres.

"There's a lot of turnover, particularly in the small communities in the nursing stations, and they don't necessarily all receive appropriate training."

That training should also be available to translators, the report states.

Shift to electronic health records problematic

In recent years, Nunavut has begunshifting to an electronic health record system, but for now uses a mix of hard copyand electronic medical records.

The audit found a number of issues with the Meditech electronic medical record system.

Employees are given access to the system without privacy training. Employees can access electronic files without logging a reason for needing them and there are no random system audits to ensure the program isn't being misused.

Also, there is no protocol in place to revoke a worker's access to the system immediately when theystopbeing employed at the hospital.

"We were told that if a user hasn't used theMeditechsystem in four to six months, their accreditation will be revoked," the report states.

"Such a relaxed approach is unacceptable."

'There's certainly some urgency'

Nunavutis the last jurisdiction in Canada to move to an electronic health records system. Most jurisdictionsadopted a stand-alone health information law to govern how health information can be shared before implementing the system.

Right now,Nunavuthas no such law and no clear plans to create one.

GaryDickson, a privacy expert and Saskatchewan's formerinformation and privacy commissioner, likens this to handing staff the keys to a company car before teaching them how todrive it.

"You have more personal health information being available to more people," said Dickson, who helped Keenan Bengts with the audit.

"Since the system is being rolled out, I think there's certainly some urgency in making sure that there are rules in place that govern that kind of electronic medical record to ensure there isn't abuse and there isn't improper viewing of people's personal health information."

Dicksonagrees that health-care workers in Nunavut are diligently trying to protect patient privacy, but this lack of rules is "handicapping" them.

Documents left on desks

When Keenan Bengts visited the Qikiqtani General Hospital she says she did not witness any privacy breaches.

But, since then, she's been notified about several.

"Things like somebody blogging about their experience in the North, about records that have gone missing, about a log book that was left out on someone's desk and when they came back it was gone," she described.

"I know there are instances. We're all human. There are going to be instances no matter how careful we are."

Right now there is no secure sign-in/sign-out policy in place for paper documents at the hospital and auditors found"stacks of patient filessitting on unattended desks" at the health records department.

When it comes to electronic documents, there seems to be little oversight to catch misuse.

"There are undoubtedly incidents of employees looking up the records of friends and relatives," the report states.

Lack of government response

So far, Keenan Bengts says she has not received any feedback about her recommendationsfrom the Government of Nunavut.

"I invited them. I provided a copy ahead of time," she said. "I held off actually submitting my report to my committee for several weeks."

In May, Keenan Bengts is set to appear before a legislative committee where she will answer questions about the audit.

She expects the government will respond to the report then.

"Right now, I'm a little disappointed."

The Department of Health told CBC News it could not provide a response to the Information and Privacy Commissioner's report at this time, because the person in charge of the file is on annual leave.