Charges unlikely against alleged snooping doctor: privacy commissioner
Graham Steele says GN ‘should think’ about updating existing legislation around prosecutions
Nunavut’s information and privacy commissioner appears skeptical that a doctor who allegedly snooped through a citizen’s private medical records will ever be charged.
While the territory’s Access to Information and Protection of Privacy Act allows for charges to be laid when violations are detected, there are too many obstacles preventing it from getting done, says Graham Steele.
It was one of the findings included when Steele filed his annual report Wednesday during the opening day of the Nunavut legislative assembly’s spring sitting.
The report highlighted recommendations for the Government of Nunavut, and specifically for the Health Department.
In a privacy breach reported in March, over an 18-month period starting in 2020 an unidentified doctor practising in Nunavut went through a colleague’s medical records without a legitimate reason.
At the time, the commissioner gave a list of recommendations to the Department of Health to tighten security and access to sensitive health information.
In interviews this week, both Steele and Health Minister John Main said that a formal response from the ministry hasn’t yet been submitted.
Under the territory’s privacy law, the department has 90 days— until late June —to respond to Steele’s report, which was released on March 27.
Steele said the Health Department and legislature, in consultation with the Justice Department, “needed to think about” prosecuting the doctor, whose contract with the GN was terminated and who has since left the territory.
In a news story in March, there was apparent confusion between the justice and health departments about whose responsibility it would be to charge the doctor.
In his annual report this week to the legislature, Steele suggested that existing prosecutorial power of the law needs to be updated.
Both RCMP and the Public Prosecution Service of Canada are doubtful prosecution “is within their mandate.”
The prosecution of alleged offences is usually handled by the territory’s Justice Department, creating a conflict of interest when offences involve GN employees who have access to sensitive information, Steele said.
“There’s nobody to investigate and nobody to actually prosecute,” Steele said.
In the Health Department case from March, where a “violation [seems] obvious and deliberate, there’s no consequences” under existing privacy law, he said.
Main declined to comment on specific cases, and said any response would be sent in writing to the privacy commissioner’s office.
While Steele said he generally sees room for improvement in the way the GN protects citizens’ privacy and shares public information, his annual report wasn’t all bad news.
“The Department of Health continues to be the GN’s leader on ATIPP,” it stated, regarding processing the public’s requests for access to information in a reasonable time while maintaining employees’ privacy.
Main said “the health information unit within health [has] been working to develop a culture of privacy within the department.”
Main noted the work done by Steele, saying the two officials “don’t always agree on things, as the commissioner noted in his report, [but] the relationship that we have is built on mutual respect.”
So did they at least report him to his licensing body? Doing what s/he did is a breach of ethics. The Dept. of Heath is giddy with delight at throwing capable nurses under the bus for much smaller infractions. It’s mysterious why they can’t figure out how to do anything about this case.
This case is a signal to all GN staff who have access to personal information: do whatever you want and the most that will happen is you might lose your job, and look at the lengths someone has to go to actual see you’ve violated their privacy, how likely will they be like this victim to ask for the specific records that show you were snooping? NEAR ZERO.
.
Even if you lose your job remember you’re in a world where employees can walk into any job they want because of demand. GN is staffed at 60% so maybe consider this a time to try out a new field! Even better is that just like this doctor, they can’t even put your name out there so your new job won’t even know what happened! The GN cannot even say you were involved in a privacy violation and were fired because it violates privacy to do so! AHA!
.
So just go hog wild – see if that guy at the bar has herpes if you’re in Health, see if he has a record if you’re in Justice, and see if he owes any money if you’re in Finance. See if that lady had her kids apprehended if you’re with Family Services or if that couple got divorced if you’re with Vital Statistics. Zero chance of being caught and zero consequences. Hell, collect all this data and sell it on the dark web.
.
No one cares and there are no consequences: the motto for Access to Information in Nunavut. Brought to you by the actually responsible Department staying super silent and away from all of this: Executive and Intergov Affairs as overseen by Premier PJ and DM Jimi Onalik. Remember EIA exists to dictate how all other Departments like Health should operate and how Justice should prosecute but hey, no one mentions them so they can stay out of the limelight.
Am I missing something? Isn’t a doctor supposed to look into patients files? What would be in there that’s so secret?
If the patient is not his or her direct patient, and they are not involved in that patient’s care, that physician has no reason nor right to go into that patient’s file.
180, The Doc did not look at a patient’s medical files he snooped through a colleague’s medical files … very big difference and a very clear violation of the law.
According to the ‘Information and Privacy Commissioner of Nunavut
Annual Report 2022-23’, Graham Steele notes, “In short, it appears that there is nobody to investigate or prosecute an ATIPPA offence. Even if there were, the maximum fine ($5,000) is hardly worth the
effort. Section 59, as currently written, is an empty threat. This is not a desirable situation. I bring it to the attention of the Legislative Assembly because a legislative response may be required.” > https://atipp-nu.ca/sites/default/files/NUIPC%20Annual%20Report%202022-23%20ENGLISH.pdf
Basically there’s no weight to the ATPPA because the consequence is an, “empty threat” —ATIPP Act is a farce making the whole process absurd, we just have the allusion of privacy from the ATIPPA.
What is the purpose of having a ATIPP person in each GN Department?
Nunatsiaq should be clear in reporting: The doctor committed an act of data intrusion on their colleague following a workplace incident. This occurred repeatedly over the course of 18 months, apparently while still working with the complainant. There is no “alleged” violation, it is fact.. The doctor admitted in writing that they purposefully violated the privacy of this coworker by reading their personal medical data. It is very disappointing that this issue is seemingly still unresolved. Where is this doctor working now? Do their current employers and licensing bodies know about this?