Nearly one-quarter of breaches of Manitoba patients’ private information since the start of 2019 occurred in the Northern Regional Health Authority, according to data obtained by and reported on by the Winnipeg Free Press.
From the start of 2019 up to April of this year, there were 1,149 privacy breaches in Manitoba’s five health regions. 273 of them were committed, either intentionally and accidentally, by people employed by the NRHA. The only region with more privacy breaches over the same time period was the Winnipeg Regional Health Authority, where there were 543.
In the Prairie Mountain health region, there were 171 breaches, while in the southern health region there were 144. The Interlake-Eastern region had only 18 private information breaches over the three-plus years.
The Thompson General Hospital was also one of two heath care facilities in the province where there was a big jump in the number of data breaches in one of those years, according to data obtained by the Free Press through freedom of information laws. There were 80 breaches at the Thompson hospital in 2020, compared to 45 the previous year and only 24 in 2021.
At Brandon Regional Health Centre in the Prairie Mountain region there were 85 breaches in 2021 compared to 21 the year before and 24 in 2019. That jump was the result of misdirected faxes from a transcription system, Prairie Mountain said, which has since been corrected.
The NRHA did not have an explanation for why there were so many more breaches at the Thompson hospital in 2020, the Free Press reported.
One employee was responsible for six of the NRHA breaches. They were reported to the Manitoba Ombudsman but there are no other records available showing what, if any, discipline the employee faced because the health region doesn’t formally track such data.
Most breaches are not made public, though affected patients are notified that their information may have been accessed. At times, however, wider notification is provided.
In May 2019, the NRHA issued a news release about a laptop that had been stolen from its administration building in Thompson two months earlier. The computer, which was password protected, contained personal information about 225 minors such as their names, birth dates, personal health information numbers and the results of one or two specific tests. The parents and guardians of the affected patients were notified and the theft was reported to the RCMP.