From: Bruce Cooper
Deputy Minister of Health and Social Services
Dear editor,
I am writing to correct the record in response to the July 6 Yellowknifer editorial, “An unhealthy lack of respect for privacy”.
The article states that the stolen laptop contained medical records. This was not the case. A medical record contains a patient’s medical history and care over a period of time.
The laptop contained health information in data tables that was used for statistical purposes. Most data indicated name and/or date of birth and/or health care card number and was related to flu vaccinations or tuberculosis cases. The data was collected under the Public Health Act and was used to monitor health trends in order to improve the delivery of health care on the front lines.
In 2015, a new Health Information Act came into effect that set out stronger protections and requirements for managing NWT residents’ health information. One of the new requirements of the Act is that NWT residents are notified of any privacy breaches, consistent with the government’s commitment to openness, transparency and accountability. We also launched an investigation as soon as we were notified of the potential breach.
Our investigation determined that the stolen laptop was in a locked vehicle in a location that was not visible from outside the vehicle. The laptop had strong password protection, and the best information available at the time was that the laptop was encrypted. The investigation conducted by the Chief Health Privacy Officer later found that it was not encrypted. The government encrypts all supported laptops and tablets in the department; however, for this particular laptop the encryption process either failed or was missed and not detected. The department has since confirmed that all of its portable devices are encrypted.
We take the protection of privacy of NWT residents very seriously and regret that this occurred. The department deeply respects and holds itself to a high standard in the protection of personal health information. In this instance, that standard was not met, not because of disregard or disrespect, but due to the theft of a device that was believed to be encrypted.
The department is working with the GNWT Chief Information Officer and technology service providers to review its policies and practices, and to identify areas of improvement while continuing to support quality public health surveillance and clinical support.