Health records are among the most sensitive and protected materials. Despite these characteristics, it has been very difficult to terminate employees who improperly access others’ information. That may be changing if a Saskatchewan arbitrator’s decision is any indication.
In Health Sciences Assn. of Saskatchewan v. Saskatchewan Assn. of Health Organizations (Jane McHattie Grievance)  S.L.A.A. No. 3, a physiotherapist’s curiosity resulted in the loss of her employment after 25 years with the Prairie North Health Region. The employee had as part of her duties access to a provincial database, PACS (Picture Archiving and Communication System) that allowed her to view electronic medical images and reports of the patients in her care. Despite numerous policies and procedures in place that limited her access to her patients’ records, the employee looked at the images and reports of individuals who were not in her care. She claimed she looked at the files for “medical curiosity” and that she did not know that looking at the files of individuals who were not her patients was wrong. On the other hand she acknowledged that looking at the paper or hard files of non-patients was wrong.
When the employer discovered the breach it examined her usage of the PACS system and learned that hundreds of records had been improperly accessed. The physiotherapist was terminated and her actions were reported to her professional regulatory bodies , the Saskatchewan and Alberta Colleges of Physical Therapists.
The physiotherapist was a member of the Health Sciences Association of Saskatchewan and she grieved her termination. Arbitrator Hood upheld the termination, concluding that the Grievor was not credible when she claimed she did not know her snooping in the electronic records was wrong. Also, the explanation offered by the Grievor that she accessed the records out of medical curiosity and for learning purposes was also unbelievable; in many instances she looked at files of people who had no connection with the type of work she did or who had no previously known medical issue.
Accessing personal health information about a person who is not in one’s circle of care, without a need to know, is a serious breach of privacy. Arbitrator Hood noted that the seriousness was exacerbated by the group of people “whose confidentiality rights were violated. The persons included past and present co-workers, supervisors, senior management of the Employer, immediate and extended family, as well as well known, prominent members in the community”
As electronic health records become more common and accessible to more and more health care providers this case will stand as a strong warning to those with access to those electronic records. If their curiosity overtakes them they risk the loss of their employment.