Info breach at Sask. Cancer Agency 'not acceptable': privacy commissioner

Firing should be considered, in extreme cases, for health employees who inappropriately access patients' confidential information, privacy commissioner Ron Kruzeniski says.

Kruzeniski was reacting to the information breach revealed Monday by the Saskatchewan Cancer Agency.

• Sask. Cancer Agency employees may have snooped on 48 patients

The agency says two employees looked up patient information on 48 people, even though it had nothing to do with their jobs. They have been disciplined, but the cancer agency refused to say what that entailed.

Both employees are still working for the agency, which operates cancer treatment facilities in Regina and Saskatoon.

The information they accessed included everything from the names of doctors to results of medical tests.

Kruzeniski is not calling for the employees to be fired, but says he is disappointed to hear this problem continues in the Saskatchewan health-care system.

"A breach has happened again," he said. "This is just not acceptable."

Whether it's idle curiosity, angry ex-partners or concerned family members who don't fully realize what they're doing, such violations of patient privacy must be stopped, he said.

"In extreme cases, I think the firing option should be strongly considered," he said.

Kruzeniski recommends that health agencies have more training and a refresher course to explain to employees what information they should and shouldn't have access to.

Also important is a requirement for mandatory reporting to the privacy commissioner's office when such breach occurs.

But "ramping up discipline" is also important, he said.

The provincial government has legislation in the pipeline that would make snooping in health records a specific offence. 

It's expected the anti-snooping section will be proclaimed into law in the fall, Kruzeniski said.