Debates of February 17, 2014 (day 12)

Date
February
17
2014
Session
17th Assembly, 5th Session
Day
12
Speaker
Members Present
Hon. Glen Abernethy, Hon. Tom Beaulieu, Ms. Bisaro, Mr. Blake, Mr. Bouchard, Mr. Bromley, Mr. Dolynny, Mrs. Groenewegen, Mr. Hawkins, Hon. Jackie Jacobson, Hon. Jackson Lafferty, Hon. Bob McLeod, Hon. Robert McLeod, Mr. Menicoche, Hon. Michael Miltenberger, Mr. Moses, Mr. Nadli, Hon. David Ramsay
Topics
Statements

QUESTION 119-17(5): PRIVACY PROTOCOLS FOR ELECTRONIC MEDICAL RECORDS

Thank you, Madam Speaker. On February 6th I asked a question and I didn’t get a response, then I asked the same question on February 13th. Now I’m going to try a third occasion to ask the same type of question. What question is that? I’ve asked about the protocols to protect people’s privacy under our electronic medical records. Each time I’ve asked about what type of automatic protocol we have in place that informs the administrator of these programs that someone is cybersurfing or sometimes referred to as cyberstalking individuals.

Do we have any automatic protocols that notify the administrator that someone unauthorized to be reviewing these files, albeit they have authorization to work with these files, are peeking and sneaking through individual people’s private information? Thank you. Yes or no?

Speaker: MADAM SPEAKER

Thank you, Mr. Hawkins. I do recall that exact same question being asked before, but we will pose it to the Minister responsible again. Minister Abernethy.

Thank you, Madam Speaker. As I said in the past when asked this question, we do have a number of protocols with respect to who has access to records, but we also do have a quality assurance professional that does review who is accessing files isn’t looking specifically at the files themselves, but is looking at and monitoring access. That person looks to see how many people are accessing, how often an individual might be accessing a particular file, will check to see if somebody has the same surname as the file is accessing it to make sure people are only accessing files they should. If and when individuals have been identified as flagging a file more than is required, that is brought to the attention of the department so they can correct those actions. Thank you, Madam Speaker.

This is not the answer I’ve received on the two other occasions. Finally I’m getting a decent answer, I’ll give it that.

I want to know how this administrator of this particular program is informed, and what type of timely way are they informed to ensure there is some type of quality assurance and certainly some protection for those people whose files may be snooped upon.

What type of automatic process is involved? Will the Minister inform this house what type of process there is? Thank you, Madam Speaker.

With the EMR, it’s pretty much real time. The individual can access on a daily basis the records of how often, who and when individuals are accessing files. There are protocols that are flagged when an individual is accessing files. For example, someone who has the same surname, but also an individual accessing a related file time after time after time, as well as how long a particular file may be open to a particular user who has the authority to be there.

The quality assurance person makes those checks on a daily basis and monitors all files to make sure that people’s privacy is protected. Thank you, Madam Speaker.

I would like to now sort of package this under the concept of quality assurance. To understand quality assurance, how often has this happened and how is it particularly evaluated, maybe the Minister can enlighten us. I would like to know how often breaches happen, how often are files investigated, even if it’s not a technical or formal breach. Sometimes they need to be evaluated. So let’s put it on the record about quality assurance. Thank you.

The individual that’s doing that assessment is one of the quality assurance people making sure that EMR is being utilized appropriately.

With respect to individuals accessing or abusing the information, I’m not actually aware of any situations. I will talk to the department to see if we have any evidence or suggestions that someone has breached files confidentiality.

As I’ve said to the Member before, if the Member is aware of a situation, it sure would be nice if he would be willing to share that information so we can get into the system to make sure no breaches are happening. We take all breaches seriously and if the Member or any Member are aware of breaches, please let us know and we’ll fix the system, but right now we’re not aware of any breaches. Thank you, Madam Speaker.

Speaker: MADAM SPEAKER

Thank you, Mr. Abernethy. Final supplementary, Mr. Hawkins.

Thank you, Madam Speaker. The Minister said he’s not aware of any breaches. That said, can the Minister confidently say it also means that he may not be aware of any breaches? Thank you.

I’m not aware of any breaches in the system. Thank you.