Debates of February 13, 2014 (day 11)
QUESTION 108-17(5): PROTOCOLS FOR PROTECTION OF ELECTRONIC MEDICAL RECORDS
Thank you, Madam Speaker. On February 6th of this year, I had asked the Minister of Health about what type of protocols kick in when someone who doesn’t have authorization is visiting other people’s files. In essence, they are cyberstalking. I don’t know any other way of describing it. The only way the people find out, that I’m aware of, is purely by accident. It could be quite some time between the initial incident and by the time they stumble upon it by information being shared. My specific question is built around what type of protocols that inform those who are in charge of the system and lets them know someone is viewing who is unfairly or certainly not empowered to be visiting files.
I’d like to know what the Minister has done in a week, if he has been brought up to speed on this file, because this is an important issue. Thank you.
Thank you, Mr. Hawkins. Minister of Health and Social Services, Minister Abernethy.
Thank you, Madam Speaker. I thank the Member for his question. As I indicated, we will share those protocols with the Member. I have had the opportunity to speak to the department about the protocols that are in place, including security passwords and all the other mechanisms that are in place to ensure that the privacy is secure.
I am not aware of any breaches of this system. A breach would be a serious issue. If there are breaches, I would appreciate the Member and all of my colleagues, if they’re aware, sharing those with us so that we can quantify them, fix them and make sure it doesn’t happen again. Thank you, Madam Speaker.
I’m not hearing anything that actually tips off the manager or the administrator of this type of private information that a particular person is spending hours, maybe even days examining individual and private files. I haven’t heard a single word built around that fact that there’s something that informs the administrator that something wrong is going on.
Would the Minister be able to speak to that issue specifically, to find out does anything address that type of problem? I’ve been informed they’re a problem, but I’m more worried about the broader protocols at this second to that issue.
Madam Speaker, as I indicated, we take our security on our records very seriously with respect to our medical records. As I indicated, if the Member would share with me, I’d be happy to dig in and look.
We do have a significant number of protocols, which I’ve already indicated I would share with the Member and I will be sharing those with the Member. We do have a significant number of staff within the department who monitor our programs to make sure the data coming in is appropriate and that people have the appropriate access to gain access to that information. So, I will share the protocols with the Member.
Madam Speaker, I guess I’m going to ask the Minister to contradict me, because I’m going to say this is happening and I want him to tell me this isn’t how it happens.
Somebody can be viewing a particular file, who’s not authorized, for hours on end. They have access to the system because that’s their job.
Is there an electronic process that kicks in to tell the administrator that situation X is happening and they should evaluate it as such, or is it when he’s referring to protocols is that, well, they find out when they find out? That’s what I’m trying to ask. Is the system designed in any way to tell the administrator that people are searching files that they should not be? Thank you.
As I indicated, I will share those protocols with the Member so that he can understand the protocols that are in place.
Individuals who have access to our electronic medical records are those individuals who have a reason to be reviewing those files with respect to the clinical management of a patient or client. But I will share those protocols with the Member. Thank you, Madam Speaker.
Thank you, Minister Abernethy. Final supplementary, Mr. Hawkins.
Thank you, Madam Speaker. I do appreciate the offer and certainly the public has not heard one iota that speaks to how those protocols are triggered within the system.
Is there a computerized system that pops up, alerts the administrator that files are being searched by unauthorized people, even though they are authorized on the system at large, and indicates that they’re spending time reviewing files that they shouldn’t be? Quite frankly, I think the public deserves some clarity on this issue because potentially folks could be out there searching. We don’t know if that’s the case, so I’m boiling it down to how is the system designed, what alerts the administrator and how do we ensure private information is protected.
I don’t want to be told we’ll sit down later and talk about it. I want to be told now and I think that should be shared with the public. Thank you.
Madam Speaker, as I indicated, only individuals who require that access or require that information that are involved in the circle of care would have access to those files. Thank you, Madam Speaker.
Thank you, Minister Abernethy. Member for Weledeh, Mr. Bromley.