620,000 patients affected
An Alberta, Canada-based medical group has come under fire this week after it announced that the health records of some 620,000 patients have been compromised in a data breach reportedly undisclosed for months.
Medicentres Family Health Care Clinics, a 27-clinic medical group in Western Canada, failed to notify federal officials until Jan. 22, some four months after an unencrypted clinic laptop was stolen from one of the clinic's IT consultants.
The laptop contained 620,000 patient names, dates of birth, health card numbers, medical diagnoses and billing codes, officials said.
Alberta Health Minister Fred Horne has requested a formal investigation into the incident, under the Health Information Act. He announced Thursday that Privacy Commissioner Jill Clayton has indeed launched an investigation into Medicentres Family Health Care Clinics.
"Privacy of patient records in Alberta must be paramount," said Horne in a Jan. 23 statement. "I am extremely upset that a privacy breach of this nature could have occurred in the province of Alberta and believe that the 620,000 Albertans who have been impacted by the events of last fall should have been immediately informed that their personal information had been put at risk."
According to officials at Medicentres, the group notified the Edmonton Police Department and the privacy commissioner immediately after discovering the laptop had been stolen Oct. 1.
"Medicentres also takes its responsibility to protect personal health information seriously," read a Jan. 22 company statement. "We apologize to all of its patients for any concern this may cause."
Unlike HIPAA in the U.S., which requires covered entities and business associates to notify individuals affected by a privacy or security breach, Alberta's Health Information Act does not require healthcare entities to provide notification following a breach.