2 Hospital Employees Sell Patient Data to Companies

As many as 8,300 new mothers who had delivered babies at Rouge Valley Health System may have had their personal information given to private companies.

SCARBOROUGH, Ontario, Canada—As many as 8,300 new mothers who had delivered babies at Rouge Valley Health System may have had their personal information given to private companies wanting to sell them Registered Education Savings Plans (RESPs).

Ontario’s privacy commissioner is investigating the allegations after it was discovered that two Rouge Valley Centenary hospital employees inappropriately accessed the patient information for the purpose of selling the data to vendors, reports CP24.com. Both staff members used hospital computers to access the names, addresses and phone numbers of women who had given birth at the hospital between 2009 and 2013.

The vendors then called the former patients or their family members asking, “‘Do you have children? Do you want an RESP?'” the husband of a woman who gave birth to three children between 2010 and 2013 told TheStar.com. He says he continues to receive many calls from the telemarketers.

The breach was discovered twice: in October 2013 and March 2014. Both of the employees who provided the information to the companies are no longer employed by the hospital, and Rouge Valley contacted all of the individuals possibly affected. The hospital is also conducting an internal audit and is now tracking who has access to patient scheduling information.

Additionally, Canada’s Office of the Information and Privacy Commissioner and the Ontario Securities Commission are investigating the matter.

Photo via Wikimedia by Jason T. Poplin

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Tagged with: HIPAA

About the Author

robin hattersley headshot

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo