Conviction, Fine for Breaching Health Information

September 27, 2016

A woman recently pleaded guilty to accessing the health information of 26 people in contravention of the Health Information Act (HIA). The judge issued a $5,000 fine on Sept. 21 (Calgary Provincial Court docket 151323870P1).

In April 2014, Judy Anderson’s unauthorized accesses of health information were discovered when Alberta Health Services (AHS) conducted database audits, including Alberta Netcare, the provincial electronic health record system. The breaches occurred between November 7, 2013 and March 31, 2014.

The audits flagged instances where Anderson accessed files of adults who shared her last name, as well as adults with no connection to the program in which she worked.

Anderson worked at the Alberta Children’s Hospital in Calgary where she was responsible for entering and confirming data relating to newborns with congenital anomalies.

The breach was discovered by AHS in April 2014 and reported to the Office of the Information and Privacy Commissioner (OIPC).

The OIPC completed an offence investigation then referred the matter to Crown prosecutors at Alberta Justice. Charges were laid in November 2015.

This was the fifth conviction since HIA was enacted in 2001. There are currently two other matters before the courts where individuals have been charged for allegedly accessing information in contravention of HIA.