Investigation Finds That Clinic Met Requirements to Complete a Privacy Impact Assessment and Maintain Safeguards to Protect Health Information

October 3, 2003

Frank Work, Information & Privacy Commissioner, publicly released an Investigation Report concerning the theft of computers from a medical clinic.

The Commissioner’s Office found that the Clinic had met the requirements of the Health Information Act by completing a Privacy Impact Assessment and implementing safeguards to protect health information. Although computers were stolen, health information was protected as the Clinic had saved all health information to a data server that was secured in a locked room.

The Office commented that the steps taken by the Clinic to comply with the Health Information Act and implement safeguards to protect health information served to keep this incident from becoming a privacy breach.