Two employees at the Toronto hospital where Rob Ford is undergoing cancer treatment inappropriately accessed the mayor’s confidential medical records, a breach that led the hospital to mete out unspecified “action” against the staff members.
Mount Sinai Hospital confirmed Thursday that a pair of employees who are not part of Mr. Ford’s treatment team accessed his health records.
“We became aware of this activity through a robust system of safeguards and auditing procedures designed to ensure compliance to our security and privacy policies,” Sally Szuster, the manager of communications and public affairs at Mount Sinai, said in an e-mailed response to questions. “We immediately investigated and appropriate action has been taken, as per our strict code of conduct and privacy policies.”
She said the mayor has been notified of the breach, something that is required under the Personal Health Information Protection Act, the provincial legislation that safeguards patients’ medical records.
Ms. Szuster would not say what punishment, if any, the employees received, what jobs the employees hold or held at the hospital, or when Mr. Ford’s records were accessed.
“We sincerely regret that these privacy breaches occurred,” she said.
The mayor became one of Mount Sinai’s highest-profile patients when he was transferred to the hospital on Sept. 11 with a large and, at that time, unexplained abdominal mass.
Mount Sinai’s doctors diagnosed the mayor with liposarcoma, a rare, malignant tumour that arises in fatty tissue. He has since undergone two courses of chemotherapy at Mount Sinai in a bid to shrink the tumour.
Mr. Ford’s ill health forced a massive shake-up in the Toronto election campaign. He dropped out of the mayor’s race, put his name on the ballot for his old council seat in Etobicoke, and urged his followers to throw their support to his older brother Doug, who joined the mayoral contest an hour before the deadline to sign up.
The elder Mr. Ford said Thursday night that he has not spoken to the mayor about the privacy breach at Mount Sinai, but he praised the care his brother has received there.
“They did a lot of good things for Rob and millions of others over the years,” Doug Ford said as he arrived at a mayoral debate. “They have a very capable CEO, a very capable chief of staff for the doctors. I know they will handle it appropriately. I know they will do the right thing.”
Brian Beamish, Ontario’s acting information and privacy commissioner (IPC), said it is difficult to say how often hospital staff violate the rules by looking at the private medical records of patients they are not treating.
“We don’t have specific numbers on how often this happens,” Mr. Beamish said by e-mail. “[The] Personal Health Information Protection Act requires hospitals to notify patients of breaches. There is no requirement to contact the IPC. However, it has become a best practice to do so prior to patient notification. Anecdotally, inappropriate access by staff occurs more than we would like.”
This is not the first privacy breach at a Toronto hospital to make the news this year. In June, it emerged that two former employees at Rouge Valley Health System in Scarborough allegedly provided the personal information of thousands of patients, mostly new parents, to companies marketing registered education savings plans.
Michael Crystal, the Ottawa lawyer who is spearheading a class-action lawsuit against Rouge Valley and two other hospitals where privacy breaches are alleged to have occurred, said that in his experience, hospitals tend to terminate employees who snoop in patient files.
“In these types of cases, the employees are typically fired,” Mr. Crystal said.
With reports from Elizabeth ChurchReport Typo/Error