Office of the Saskatchewan Information and Privacy Commissioner. Guide to LA FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 335 offence under The Health Information Protection Act (HIPA) has occurred and whether charges should be laid against the snooper. In Investigation Report 228-2015, an employee had snooped on the personal information of 4,382 current and former SaskPower employees and copied files from that data. The Commissioner recommended that SaskPower forward its investigation file to the Public Prosecutions Division at the Ministry of Justice and Attorney General. Further, the Commissioner recommended that SaskPower report the matter to the employee’s professional association. The Commissioner has also investigated snooping cases where there have been unauthorized accesses into Saskatchewan Government Insurance’s Auto Fund Database, including a matter where an employee of an issuer had been making unauthorized accesses since 1995. The Commissioner raised awareness around this issue in his blog, Insurance Brokers Snooping. In other jurisdictions, fines have been issued for snooping. For example, in Alberta: • A pharmacist was fined $15,000 for inappropriately accessing information of individuals on Alberta’s Netcare system. • A former Alberta Health Services employee was fined $5,000 plus another $1,000 victim surcharge, for the inappropriate accessing of information of 189 individuals 985 times over a two-year period. • A former Covenant Health employee was fined $3,000 for the inappropriate accessing of information on 16 individuals on 465 occasions. In Ontario: • A Masters of Social Work student was ordered to pay a $20,000 fine plus a $5,000 victim surcharge for snooping on the personal health information of five individuals. • Two radiation therapists at University Health Network were ordered to pay $2,000 fines. • A registration clerk at a regional hospital who snooped on 443 patients was ordered to pay a $10,000 fine. Methods to deter snooping include local authorities establishing policies that set the expectation that employees are to only access personal information or personal health information that is necessary for their work. Local authorities should be delivering training on such policies and provide regular reminders of the expectation. Further, local authorities
RkJQdWJsaXNoZXIy MTgwMjYzOA==