EDMONTON - Could strangers have access to all your electronic health records with just a click of a mouse? A family at the centre of a privacy commissioner investigation tells Global News that because of a flaw in the system, it's happened to them, and they are now calling on the province to better protect Albertans' privacy so that it doesn't happen to others.
Right now, medical personnel can access the records of any Albertan through a province-wide database called Netcare. But what if the personnel accessing your file is a curious neighbour, a stalker, or an ex-spouse?
David Neibach became suspicious that his records were being looked at without authorization during his divorce proceedings, when his ex-wife's lawyer asked about his medical history.
"I didn't quite understand," Neibach said. "There were no concerns or allegations in the past of any medical history of mine."
He then realized that because his ex-wife works at the Misericordia ER, where her partner is also a doctor, the two could potentially have had access to his medical records.
So Neibach requested a free audit log showing who viewed his file and when, and couldn't believe the results. Although he had never been treated at the Misericordia ER, someone had looked at his file 30 times from different log-ins, often late at night.
A subsequent investigation found that it wasn't just his files being accessed. His mother Sabine's records were viewed once, and David's new partner Ashley Elniski's information was pulled up 36 times, much to her dismay.
"I was absolutely devastated," Elniski said. "I couldn't believe that someone could access my health records so easily."
David's mother Sabine Niebach also felt very invaded. "I have issues I don't discuss with my husband and not with my kids, and a person that has nothing to do with me is able to go there."
A report released in December by Alberta's Privacy Commissioner states the ER physician admitted to accessing the information on 15 separate occasions using 12 colleagues' accounts. The Commissioner added that "Covenant Health did not train its physicians in information security."
Sabine, who's been a nurse for more than 30 years, believes medical staff shouldn't need a refresher course, though.
"I have signed that (oath) when I was 20 years old and we didn't even have computers but I knew what it meant and until this day nobody had to refresh my mind about confidentiality, I know what it means."
She adds that she believes the current system doesn't make Albertans secure enough.
"If I don't log out and I walk to my patient... another person could go there and sit there and look some other person up. It's very easy, you just need to know the name, you don't even need to know the healthcare number," she explained.
Niebach said Alberta Health Services called it "a singular unfortunate event," which he disagrees with.
In fact, just last December, a pharmacist was fined $15,000 after pleading guilty to misusing Netcare by "knowingly obtaining or attempting to obtain health information."
The Niebach family claims that in their case there has been no apology, nor any reassurance that improvements have been made to protect others.
"I don't have any comfort that this wouldn't happen to any other Albertan," Niebach said. "I don't believe that the system is being fixed or being fixed fast enough to address these flaws, it's not something an Albertan can opt out of so your records are there."
Covenant Health and Alberta Health and Wellness both refused to comment because the Niebach family is pursuing the matter in court. Officials wouldn't even say if any changes have been made to tighten up access to the Netcare system.
David Neibach has started a Facebook page urging all Albertans to request a log to see if their records have been accessed without cause.
You can find the form to request a log below:
Request to Access Health Information
This is what the filled out request form should look like:
With files from Julie Matthews, Global News
© Global News. A division of Shaw Media Inc., 2012.