Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Pharmacist Convicted and Fined Under the HIA

Posted on February 1, 2021 by Meghan in Blog

Pharmacist Convicted and Fined Under the HIA

What Happened

An Edmonton pharmacist was in a vehicle accident. The pharmacist subsequently accessed and used the health information of the individual involved in the accident in an attempt to persuade the individual from submitting an insurance claim for the vehicle accident.

The individual submitted a complaint to OIPC in April 2018 and an investigation was launched.

Penalties

The pharmacist appeared in court on Friday January 15, 2021. He was convicted of an offence under the Health Information Act (HIA). He was ordered to pay a $5,000 fine, plus a $1,000 victim fine surcharge for using health information in contravention of the HIA.

This Could Happen To You

Are you prepared? If you have a privacy breach like this in your practice, be prepared to implement the 4 Step Response Plan.

pharmacist convicted fined

Understanding the Health Information Act

It is an offence under HIA to knowingly use health information in contravention of the act (section 107(2)(a)).

What Happens When A Privacy Breach Is Reported To The OIPC

When a privacy breach is reported to the OIPC, the OIPC will review the report and consider the custodian’s determination if a reasonable risk to the patient(s) was present. The OIPC will review the report and consider:

  • agree (or not) with the determination of risk of harm
  • was the patient notified appropriately
  • is there an offence under the HIA
  • is an investigation warranted?

If an investigation is indicated, the OIPC will conduct the investigation and report their findings to the Crown prosecutors at Alberta Justice. The Crown will determine if it continues to press charges under the HIA.

Privacy Breaches – What You Need to Know

1. Provide privacy awareness training for each employee and healthcare provider at orientation and regularly throughout the employment.

2. Collect the employee’s oath of confidentiality, including an acknowledgement that the employee understands the principles of only accessing and using the health information necessary to perform their job.

3. Monitor your users’ access to health information to quickly identify when a suspicious privacy incident occurs. The sooner you identify a privacy breach, the sooner you can limit the risk.

4. Implement your sanction policy when needed. Your sanctions policy clearly identifies the sanctions when an employee or healthcare provider is liable of an offence under the HIA.

5. Report a privacy breach to your custodians and healthcare providers, the Office of the Information and Privacy Commissioner, and the Minister of Alberta Health and the individuals affected by the breach.

 

4 Step Response Plan

The more you know about how breaches can affect you allows you to be more proactive to prevent privacy breach pain and protect the privacy, confidentiality, and security of your patients’ information.

This is one of the many training sessions available in the e-course 4 Step Response Plan – Prevent Privacy Breach Pain

In the e-course, I mentor you and provide you with tips, tools, templates and training to help you complete your Privacy Breach Management Plan and respond to a privacy breach with confidence.

Find out more and register for the course using the button below!

Click Here To Register for the 4 Step Response Plan online course

References

AB OIPC, (https://www.oipc.ab.ca/news-and-events/news-releases/2021/pharmacist-fined-for-breaching-health-information.aspx), January  2021.

Edmonton Journal https://edmontonjournal.com/news/local-news/edmonton-pharmacist-fined-after-post-collision-snooping-of-health-info-threatening-other-driver-privacy-commissioner)  January 2021

Did you enjoy this article? If you’d like to look at similar posts, visit these links:

Not sure what is considered a privacy breach? See When is a Privacy Breach a Privacy Breach?

 

Do you have a privacy breach awareness program in place in your healthcare practice?

Spotting a privacy breach is the first step to stopping a privacy breach.

You Can Use This Privacy Breach Example to Review and Improve Your Practice.

Jean EatonWhen we know better, we can do better…

I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you protect your practice.

PRIVACY BREACH NUGGETS are provided to help you add a ‘nugget' to your privacy education program. Share these with your staff and patients as a newsletter, poster, or staff meeting.

Jean L. Eaton, Your Practical Privacy Coach

4 Step Response Plan, Alberta, clinic, conviction, health, Health Information Act, healthcare, HIA, incident response, pharmacist, privacy breach

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

I have used Jean Eaton’s Privacy Impact Assessment consulting services on multiple projects at a very reasonable cost. Information Managers also provides a plethora of privacy information, education and training tools for minimal costs. One thing that has helped satisfy the training needs of staff for the PIA is paying for her in service program that is online and staff go through at their own pace while we monitor to ensure completion.

- Luke Brimmage, Executive Director, Aspen Primary Care Network

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

1 shares
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}