Fine Levelled Against Former Covenant Health Employee for Privacy Breaches

January 30, 2020

A former Covenant Health employee pleaded guilty on Monday, Jan. 20 to knowingly accessing health information in contravention of the Health Information Act (HIA). Amanda Vandenberg received a $3,000 fine and one year of probation, including no access to health information for one year.

Ms. Vandenberg admitted to illegally accessing the health records of 16 individuals on 465 occasions. The accesses occurred at the Misericordia Community Hospital in Edmonton, Alberta where she was employed as a secretary.

The Office of the Information and Privacy Commissioner (OIPC) opened an offence investigation into Ms. Vandenberg’s unauthorized accesses of health information after Covenant Health reported a privacy breach in November 2017.

Upon conclusion of its investigation, the OIPC referred findings to the Specialized Prosecutions Branch of Alberta Justice. Charges were laid in June 2019.

It is an offence under HIA to knowingly gain or attempt to gain access to health information in contravention of the Act (section 107(2)(b)).

There have been 14 convictions for unauthorized access to health information under HIA since 2001.