Wednesday, June 4, 2014

A Message from the CEO

The following is a message to RVHS staff which we are sharing in this public blog. 

As you are aware from previous messaging and e-Echos (staff newsletter), in the past six months, Rouge Valley Centenary has been subjected to privacy breaches, in which external companies (registered education saving plan (RESP) providers/sellers) either employed or paid two former employees to use their routine computer system access to steal contact information of mothers and families. This confidential information was used, by others, to contact former patients in order to sell them RESP investments.

This is a breach of patients' privacy, hospital policy and most importantly compromises the TRUST patients place in us as healthcare providers. The hospital greatly regrets that this breach occurred and has used it to further tighten its information security controls. We have strengthened procedures for logging and monitoring access to patient contact information. We continue to say sorry to all of our patients who have been impacted by this breach.

We view this with extreme gravity. The employees involved no longer work here. Our investigation continues. The hospital continues to conduct an audit to determine whether other breaches have occurred. We have proactively contacted the 8,300 mothers and families to inform them and to apologize during the last six months. We have also contacted the Information and Privacy Commissioner and the Ontario Securities Commission, which is investigating. We have also contacted the police and will fully co-operate with their investigations.

We are determined to stop any such activity and will continue our audit and investigation. I have also informed other hospitals, the Central East LHIN and through them, the Ministry of Health and Long-Term Care of this issue.

To you, our excellent staff, physicians, midwives and volunteers, we know that this highly inappropriate behaviour does not characterize the terrific work you do for patients every day. If you see or are aware of any such questionable activity, it is your duty and responsibility to bring this to the attention of Management. You may do this by speaking confidentially to your Manager, Director or VP; or you may call or speak to me directly, or you may use the Anonymous Confidential Report Line. 

Rik Ganderton
President and CEO
Rouge Valley Health System

No comments: