Manitoba Ombudsman lays “snooping” charge under The Personal Health Information ActReturn to listing
Apr 20, 2016
An investigation by Manitoba Ombudsman has resulted in one charge being laid against an individual under The Personal Health Information Act (PHIA).
Manitoba Ombudsman conducted an investigation following a report from Manitoba Health, Healthy Living and Seniors related to a privacy breach at its Provincial Drug Program. A former employee who had access to personal health information through their job, allegedly used that access to view information for purposes unrelated to their work. Upon completing the investigation, the ombudsman laid a charge against the individual under PHIA for deliberately accessing another person’s health information inappropriately.
“The personal health information of Manitobans is entrusted to employees and service providers in the health-care sector across the province. We believe most health-care providers respect this trust by using personal health information for authorized purposes,” said Manitoba Ombudsman Charlene Paquin. “Abusing that trust by intentionally violating the privacy of Manitobans is an egregious matter that has serious consequences.”
PHIA was amended on December 5, 2013 to make it an offence for an employee to wilfully use, gain access to, or attempt to gain access to another person’s personal health information, contrary to the act. This amendment was requested by Manitoba Ombudsman as a result of an investigation of a previous snooping incident.
This is the first time that a charge has been laid in Manitoba under this new offence provision in PHIA. The maximum penalty for an offence under PHIA is $50,000.
As this is a matter before the court, no further details on the case will be released by Manitoba Ombudsman.
The ombudsman investigates complaints from individuals who believe the privacy of their personal health information has been violated, as well as from individuals attempting to gain access to their own health information. The ombudsman also investigates privacy breaches that come to the attention of the office.