Pharmacist Convicted and Fined Under the HIA
What Happened
An Edmonton pharmacist was in a vehicle accident. The pharmacist subsequently accessed and used the health information of the individual involved in the accident in an attempt to persuade the individual from submitting an insurance claim for the vehicle accident.
The individual submitted a complaint to OIPC in April 2018 and an investigation was launched.
Penalties
The pharmacist appeared in court on Friday January 15, 2021. He was convicted of an offence under the Health Information Act (HIA). He was ordered to pay a $5,000 fine, plus a $1,000 victim fine surcharge for using health information in contravention of the HIA.
This Could Happen To You
Are you prepared? If you have a privacy breach like this in your practice, be prepared to implement the 4 Step Response Plan.

Understanding the Health Information Act
It is an offence under HIA to knowingly use health information in contravention of the act (section 107(2)(a)).
What Happens When A Privacy Breach Is Reported To The OIPC
When a privacy breach is reported to the OIPC, the OIPC will review the report and consider the custodian’s determination if a reasonable risk to the patient(s) was present. The OIPC will review the report and consider:
- agree (or not) with the determination of risk of harm
- was the patient notified appropriately
- is there an offence under the HIA
- is an investigation warranted?
If an investigation is indicated, the OIPC will conduct the investigation and report their findings to the Crown prosecutors at Alberta Justice. The Crown will determine if it continues to press charges under the HIA.
Privacy Breaches – What You Need to Know
1. Provide privacy awareness training for each employee and healthcare provider at orientation and regularly throughout the employment.
2. Collect the employee’s oath of confidentiality, including an acknowledgement that the employee understands the principles of only accessing and using the health information necessary to perform their job.
3. Monitor your users’ access to health information to quickly identify when a suspicious privacy incident occurs. The sooner you identify a privacy breach, the sooner you can limit the risk.
4. Implement your sanction policy when needed. Your sanctions policy clearly identifies the sanctions when an employee or healthcare provider is liable of an offence under the HIA.
5. Report a privacy breach to your custodians and healthcare providers, the Office of the Information and Privacy Commissioner, and the Minister of Alberta Health and the individuals affected by the breach.
4 Step Response Plan
The more you know about how breaches can affect you allows you to be more proactive to prevent privacy breach pain and protect the privacy, confidentiality, and security of your patients’ information.
This is one of the many training sessions available in the e-course 4 Step Response Plan – Prevent Privacy Breach Pain
In the e-course, I mentor you and provide you with tips, tools, templates and training to help you complete your Privacy Breach Management Plan and respond to a privacy breach with confidence.
Find out more and register for the course using the button below!
References
AB OIPC, (https://www.oipc.ab.ca/news-and-events/news-releases/2021/pharmacist-fined-for-breaching-health-information.aspx), January 2021.
Edmonton Journal https://edmontonjournal.com/news/local-news/edmonton-pharmacist-fined-after-post-collision-snooping-of-health-info-threatening-other-driver-privacy-commissioner) January 2021
Did you enjoy this article? If you’d like to look at similar posts, visit these links:
Not sure what is considered a privacy breach? See When is a Privacy Breach a Privacy Breach?
Do you have a privacy breach awareness program in place in your healthcare practice?
Spotting a privacy breach is the first step to stopping a privacy breach.
You Can Use This Privacy Breach Example to Review and Improve Your Practice.
When we know better, we can do better…
I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.
PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.
Jean L. Eaton, Your Practical Privacy Coach