Lee Griffi, Local Journalism Initiative Reporter
The Woodstock Hospital is dealing with another breach of privacy and at least one person affected has no idea what information was leaked.
The Woodstock resident, who did not want to be named, was a part of the breach and said it’s disturbing to find out this is the second incident in 2024.
“I am just shocked they don’t have more procedures in place to catch stuff like this. I don’t like it whatsoever. It terrifies me to know information like that can be passed around or seen by anyone.”
The patient, who did not want to be identified and will be called Jane Doe for the purpose of the story, said she isn’t satisfied with the hospital’s response. She listened to a voicemail from the facility before calling back.
“No, not at all. When I called back, they didn’t even have it reported (to the provincial privacy commissioner) yet. They weren’t even sure if they were going to be sending letters out to anyone and I feel it’s important for people to get something like that in writing.”
The hospital released a written statement approximately 48 hours after being contacted by the Echo.
“Earlier this week, a staff member inadvertently emailed a patient list to one, unintended, recipient. Upon identifying the error, the recipient confirmed with our staff that they deleted the document, ensuring the situation was contained. Woodstock Hospital has followed Ontario’s Personal Health Information Protection Act, notifying the Information and Privacy Commissioner and the affected patients. Our organization encourages staff to report accidental errors so that we can continue to learn, improve our processes, and maintain the highest standards of patient care and privacy.”
The Echo reached out to Chelsea Fagan, the hospital's communications and public relations officer, with some follow-up questions. Among them was what information was released in the attachment such as names, addresses, health card numbers or phone numbers; is the person responsible for the error was still an employee of the hospital; should the hospital face a fine from the privacy officer for this and/or the previous breach; and where does the money come from to pay that fine?
Fagan responded by saying, “Thanks for reaching out again. Please use the statement provided as the hospital’s comment on this matter.”
What the hospital statement didn’t say is the roster was sent to a patient on the list of the mental health day program, something confirmed in a recorded call with Libby General, the hospital’s director of health information and privacy.
“One of the clinicians meant to attach a schedule of events and added and wrong attachment and attached a list of all of the roster of the day hospital patients and your name was on that list. It was sent to one patient and that patient has deleted the email and has acknowledged they have not done anything with it. So, it has not gone anywhere but we are obligated to let you know that did happen,” said General.
General added there was no clinical information released.
“We don’t have any concerns about anything having been done with that information. The patient responded immediately and said I don’t see a list of events, I see a list of patients,” added General.
Doe told the Echo she hasn’t attended the program in at least a year and a half and doesn’t understand why she is still on the list. She also said she’d like to know what private information was released, something the hospital won’t comment on.
“I was told it was a roster. I don’t know if there was more information on it or not which is why I wanted something in writing. I don’t know why my name was even on it.”
Doe, who admitted to having mental health issues, said she wound up in the emergency department just after the ordeal.
“I have anxiety but since this happened, I felt tingling in my left arm and my blood pressure was high. I went to the hospital and had some tests and bloodwork and the staff was really good.”
Ryan Purdy, a victim of the first privacy breach earlier this year at the hospital, said he must have been on the roster of those attending the program. He told the Echo he contacted General and it wasn’t a friendly call.
“She was very standoffish once I told her who I was. I said I heard there was a breach involving the mental health day program and the full roster of patients was leaked. I told her I'd been doing those programs for a year and a half and I wanted to know if I was on the list.”
According to Purdy, General said he would get a call if he was. He also told the Echo he was blocked from the hospital’s Facebook page.
“I said she should know if I'm on it so either yes, I am or no I’m not. She said I can’t tell you anything more. She added the last time we talked I took the issue to the radio and the newspaper and then she hung up on me.”
Purdy was concerned about the integrity of his health care in the first breach, something Doe echoed as she was not told if her health card number was on the sent attachment. She also wants to know what exactly was sent out.
“It doesn’t give me any comfort. They haven’t told me if it was a roster or a roster with something else on it. My health card number, I’m thinking, is probably on it.”
Commentaires