box10.gif (1299 bytes)







Electronic Health Records

Thousands of Alberta health records go missing

EDMONTON – The health records of more than 670,000 Albertans have been lost by a company contracted by the government to safeguard them.

According to a report in the Edmonton Journal, the information was stored on a small number of unmarked tapes described as “oversized VHS” cassettes

Authorities are still trying to determine where the tapes were lost. They could have been lost by an Edmonton company contracted by IBM Canada to transfer the information onto microfiche or by a courier who was supposed to return them to IBM’s data centre, said Mike Quinn, a spokesman for IBM Canada.

Information and Privacy Commissioner Frank Work is conducting two separate investigations into the tapes that went missing in early March.

One investigation involves the missing health records, while the other involves the pension records of 98 Albertans that were lost en route to a cheque-printing service.

Both reports are expected within two to three weeks. Edmonton police have not been called in to investigate the missing tapes, a spokesman confirmed.

Quinn said that access the data requires a special IBM mainframe system still programmed to read EBCDIC (Extended Binary-Coded Decimal Interchange Code), a computer language from the early 1980s that is no longer widely used.

Mark Kastner, a spokesman for Alberta Health and Wellness, said the information on the tapes contained the names, health-care insurance numbers, employee payroll numbers, monthly health-care premium rates, and marital and family status of more than 670,000 Albertans.

He said the data, which is one month old, did not include sensitive health, treatment or financial information.

Randy Goebel, a computer science professor at the University of Alberta, said the data could be easily used by anyone with access to a mainframe and a modicum of experience with computer languages.

“It’s not very hard to decipher if it’s just written in naked EBCDIC,” he said. By itself, the data does not appear to be of great value to a potential hacker, “but if people are really serious, they can couple it with other information (to create a complete profile on someone).”