Daughter of deceased potential ID theft victim livid over delayed notice

Healthcare and Public Health // Ontario, Canada

A Sault Ste. Marie woman is considering legal action after learning in April that her mother’s files were accessed by an unauthorized hospital employee four years ago, in 2010, one full year after her mother passed away in 2009.

A March 31 audit of the Sault Area Hospital MediTech system identified the breach.

The hospital announced in mid-April an employee had committed 144 inappropriate intrusions into patient files using the system, dating back to 2008.

An April 23 notification letter informed the woman, who does not wish to be identified, that the files were accessed “outside the scope of the employee’s regular duties or job functions.”

Data involving her mother’s recent and past visits to the hospital, name, date of birth, address, telephone number and Ontario health card number were inappropriately checked.

The hospital claims there is no reason to believe personal information had been shared.

The woman, however, tells SooToday.com, she remains concerned her mother’s information may have been passed on to others.

“Can’t health card numbers be copied down by pen and paper…I don’t see where the hospital’s confidence is,” she said.

“I find it flippant and insulting for the hospital to say the employee was being nosy…how do they know for certain the employee was just being nosy (and did not pass the information along)?”

“What was the motivation [of the SAH employee] to do this?”

“My mother had cancer twice and beat it and she died from ALS which is a horrible disease…she’s now in her grave, she should be left alone,” the woman said.

“She was an extremely private person and I don’t think she would have appreciated this.”  

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.