Electronic Health Records
Thousands of Alberta health records go missing
EDMONTON – The health records of more than 670,000 Albertans have been
lost by a company contracted by the government to safeguard them.
According to a report in the Edmonton Journal, the information was
stored on a small number of unmarked tapes described as “oversized VHS”
Authorities are still trying to determine where the tapes were lost.
They could have been lost by an Edmonton company contracted by IBM
Canada to transfer the information onto microfiche or by a courier who
was supposed to return them to IBM’s data centre, said Mike Quinn, a
spokesman for IBM Canada.
Information and Privacy Commissioner Frank Work is conducting two
separate investigations into the tapes that went missing in early March.
One investigation involves the missing health records, while the other
involves the pension records of 98 Albertans that were lost en route to
a cheque-printing service.
Both reports are expected within two to three weeks. Edmonton police
have not been called in to investigate the missing tapes, a spokesman
Quinn said that access the data requires a special IBM mainframe system
still programmed to read EBCDIC (Extended Binary-Coded Decimal
Interchange Code), a computer language from the early 1980s that is no
longer widely used.
Mark Kastner, a spokesman for Alberta Health and Wellness, said the
information on the tapes contained the names, health-care insurance
numbers, employee payroll numbers, monthly health-care premium rates,
and marital and family status of more than 670,000 Albertans.
He said the data, which is one month old, did not include sensitive
health, treatment or financial information.
Randy Goebel, a computer science professor at the University of Alberta,
said the data could be easily used by anyone with access to a mainframe
and a modicum of experience with computer languages.
“It’s not very hard to decipher if it’s just written in naked EBCDIC,”
he said. By itself, the data does not appear to be of great value to a
potential hacker, “but if people are really serious, they can couple it
with other information (to create a complete profile on someone).”