Mahsi, Mr. Speaker. Mr. Speaker, my questions are for the Minister of Health and Social Services. One of the takeaways from the 2017 investigation by the Information and Privacy Commissioner into the privacy breach at the Inuvik Hospital is that it was almost certainly avoidable if the recommendations from the 2012 investigation had been acted on. In an effort to ensure there is action on the problem this time, I am looking for information on the implementation of the 2017 recommendations. My question is: who is in charge of privacy issues at the Inuvik Hospital, and who does that person report to? Mahsi.
Masi. Minister of Health and Social Services.
Thank you, Mr. Speaker. Mr. Speaker, a number of things have happened since 2012, including the introduction of the Health Information Act, which is actually an item that was recommended by the privacy commissioner. With that new act, we have done a number of things. We have set up a number of new privacy policies. Those have been put in place basically since May 2017. They follow up on recommendations of the Privacy Commissioner but are also consistent with things we need to do under the act. Those focus on things like privacy breaches and the requirement for privacy impact assessments, the requirement for mandatory training, as well as how we utilize mobile devices within the system. In addition, we have put in a new public awareness campaign and materials about the clients' rights. It is important the clients understand their rights and what information they can access, how information is used.
Since the incident the Member referred to in Inuvik, since June 2015, the department has delivered over 57 territory-wide health information training sessions for over 373 staff. This is on top of the training that is done at a local level for local staff.
Beginning this year, this winter 2018, there are some new privacy training modules in place that will be delivered to all health and social services employees in order to meet our mandatory training requirement. We have also hired a new territorial risk manager. One of their roles is to develop and implement programs and policies that will mitigate risk and improve the overall health privacy across the entire Northwest Territories.
I thank the Minister for his response. I would like to ask: specifically at the Inuvik Hospital, the breakdown was that privacy wasn't anyone's job, so I am going to repeat my question: who is in charge of privacy at the hospital, and who does that person report to? Thank you.
We have the territorial risk manager, as I have indicated. We also have a territorial health information director or manager. At a local level, all employees are in fact custodians and have a responsibility under the Health Information Act. Ultimately, in every one of our regional offices, the COOs have the responsibility to ensure that all of their staff are properly trained and have a clear understanding of their obligations under the Health Information Act.
I would like to know from the Minister what restrictions are now in place in Inuvik within the electronic record system to limit access to the records based on the actual job the person does at the hospital.
As I indicated, every individual is getting trained. Many of the individuals in the Inuvik regional office in the Inuvik health and social services region have been trained. They understand the roles and responsibilities. There are limitations on what the individuals can see through our medical records. We are ensuring that our people who have the training understand their roles and responsibilities under the Health Information Act.
Oral Questions. Member for Yellowknife Centre.
Mahsi, Mr. Speaker. Mr. Speaker, the Health Minister has demonstrated that he has, let's say, a heightened understanding of the importance of privacy and that is reflected in Inuvik and elsewhere. Can he tell us with respect to the privacy breach in Hay River whether the same safeguards are in place there? Thank you.
The situation in Hay River and Inuvik were different. As we roll out the Health Information Act, we get out and train. Also, as we move forward with the single authority, what is clear is that, in the past, not all authorities have applied rules as consistently or the same as others. Having a single authority has really given us an opportunity to make sure that our rules and our procedures and our territorial legislations be applied consistently.
The Hay River situation, as I said, was slightly different than the Inuvik situation. The data that was in question wasn't the same type of data. The breach wasn't the same. We take both of them very, very seriously. We have been in touch with patients who were affected. We have made sure the employees understand where they had possibly breached the legislation. We are making sure they have the training. We need to make sure that in every corner of the Northwest Territories, in every office, every health office, every health delivery agency, that they understand their roles. That is why we are requiring everybody to have the mandatory training, which we are rolling out as we speak. Thank you, Mr. Speaker.
Masi. Oral Questions. Member for Nahendeh.
