Province set to double health data breach fines

By Erin McCann
10:58 AM
'We need to make sure we're providing the safeguards'
Toronto photo by Benson Kua via Wikipedia

Following several "high profile" healthcare data breaches, the health minister of one Canadian providence has promised to make patient privacy more of a priority by doubling the fines for a healthcare breach.

In a Wednesday press conference Ontario Health Minister Eric Hoskins, MD, said he will again be introducing health privacy legislation in the fall that would effectively double fines for individuals and organizations found to have violated the province’s health privacy law, CTV News reported. The fines, Hoskins said, would increase to $100,000 for individuals and $500,000 for organizations.

"Over the course of the past almost year, there have been a number of, perhaps I can call them high profile breaches, that have occurred in hospital environments of Ontarians – all of them completely unacceptable," Hoskins said to the press. "Electronic medical records, health records, are a very positive development, but we need to make sure we're providing the safeguards."

This announcement follows several Ontario health privacy breaches that have made big headlines in recent months, including the compromise of former Toronto Mayor Rob Ford's medical record, after two hospital employees inappropriately accessed his files.

Despite the province's health privacy law, Personal Health Information Protection Act, being established back in 2004, there have been no full prosecutions by the government under the law, leading to criticism over lack of action.

Currently, in the U.S., civil penalties for HIPAA privacy and security violations stand at up to $50,000 per violation for breaches involving willful neglect that remain uncorrected.

Most recently, the U.S. Department of Health and Human Services' Office for Civil Rights, the division responsible for enforcing HIPAA, hit Cornell Prescription Pharmacy with a $125,000 settlement for violating HIPAA. The Denver-based pharmacy disposed of paper medical records in a unsecured public location on site, without shredding.