Privacy and security
Patient photos and information on
hard drive lost by hospital
EDMONTON – Two
surgery videos and 3,600 photos of wounds, lab specimens and dead
infants, all labelled with the patients’ names, went missing during an
office move at the Misericordia Hospital in January, Covenant Health
announced earlier this month.
The external hard drive, about the size of a book, was put under a desk
during the move and couldn’t be found a week and a half later. The files
were not originals, only four of the files have birth dates attached,
and none contain financial information, but the hard drive should have
been encrypted, said Covenant Health president Patrick Dumelie
“In this case, a staff member did not follow policy,” he said. “We have
a very solid policy that just wasn’t followed.”
The Office of the Information and Privacy Commissioner will be
investigating, he added.
The loss of personal medical data follows several other cases in Alberta
and shows the rules about handling confidential patient information need
to be written into law, said Friends of Medicare director David Eggen,
speaking after the announcement.
“This is a big concern and the government needs to standardize and
reinforce the confidentiality rules that come from the provincial
government, so we don’t see incidents like this in the future,” he said.
“It really compromises the sense of security that a family has around
our public health system. Especially considering how this government is
contracting out more services, confidentiality has never been more in
The hard drive was last seen Jan. 17. The employee returned to his old
office and noticed it was missing on Jan. 28. Covenant Health told Frank
Work, the provincial privacy officer, about the incident on Feb. 3, and
instructed each manager to search their areas of the hospital to try to
find the drive, a search that proved futile.
“I want to sincerely apologize to all of those patients and families for
this incident and any distress this may have caused,” said Dumelie. “I
also want to reassure anyone who comes to our facilities for care;
changes have been made and we are working with staff and the Office of
the Information and Privacy Commissioner to prevent this from happening
The files did not contain financial information. While they did contain
patients’ names, only four of the missing copies may contain patients’
dates of birth, financial or other private information.
The images were copies, and the originals are still stored on secure
Covenant Health servers, Dumelie said.
Covenant Health Protective Services did an internal investigation but
found no signs of break-in, leading them to believe the hard drive was
not targeted, Dumelie added. “We believe there’s limited or no risk of
Posted March 24, 2011