×
An RN at the Yorkton Regional Health Centre was found to have snooped on 70 different people in 210 instances. (CJME file photo)

Snooping nurse fired from Yorkton Regional Health Centre

By Lisa Schick Apr 11, 2025 | 6:51 AM

The Yorkton Regional Health Centre was down a registered nurse last fall after one was fired for snooping into other people’s personal health records.

According to a report from the Information and Privacy Commissioner, Ronald J. Kruzeniski, the privacy breaches happened between Nov. 1, 2023, to May 3, 2024, at the health centre.

The registered nurse was found to have accessed health information 210 times, for 70 different people.

Read more:

The nurse declined to talk to the privacy commissioner, but he did have access to an internal investigation done by the health authority.

According to the investigation, at first the nurse tried to blame other employees for the unneeded access, then said it was part of the process for bringing in new patients – even though that wasn’t part of their job – and then said it was part of providing care to the patients, even though many of the patients were either not in the centre’s care, were dead, or weren’t patients relevant to the employee.

Eventually, the nurse admitted they looked out of curiosity and the investigation found they even snooped into patient files the same day they completed the health authority’s mandatory privacy training.

The RN was fired in October 2024.

The privacy investigation

Kruzeniski, the privacy commissioner, appeared to have trouble getting information from the health authority – in his report, he described being second-guessed for the first two months when his office asked for more information and detail from the SHA.

In his evaluation of the health authority’s handling of the breach, he found a problem that he’d come across in a handful of other health snooping cases – that the employee’s access to health records wasn’t taken away during the investigation.

In this case, suspicions around snooping started in March 2024 and the investigation began in April. The RN had been on leave in April but came back to a new job within the health authority in May, and their access to the health records system was restored. Through an audit, the health authority found the nurse had accessed the health information of another seven people in 27 instances in May.

Kruzeniski said it’s unclear how the health authority couldn’t have anticipated the nurse would continue snooping.

The commissioner said, in a past investigation, the SHA told him that removing a health-care worker’s access to electronic medical records would mean they wouldn’t be able to provide safe patient care, and it would put the patient at risk.

In this report, he asked how allowing a “snooper” access to medical records assured patient safety, saying it could be argued that it actually puts patient safety at risk.

With all this, Kruzeniski determined the health authority didn’t meet its duty to protect the patient’s personal health information.

The commissioner also found the health authority didn’t properly inform those affected.

When the authority was trying to inform people, Canada Post workers were on strike, complicating matters. So the authority tried to call those it couldn’t send letters to. Anyone who couldn’t be reached was sent a letter once the strike was over.

Kruzeniski said things were missing in the notification: there should have been descriptions of the possible types of harm that could come out of this and ways to mitigate them. The SHA’s report said it didn’t think there was any risk to patients, but the commissioner said that’s not the authority’s determination to make.

He said the notifications should have included a better description of the scope of information accessed, to include that things like addresses, birthdates and health numbers would have been available as well.

The report said the health authority should have included what steps were taken to prevent breaches in the future and that it would have been reasonable to provide the snooping nurse’s name. He said the victims would be in a better place to determine what harm might come out of the breach if they knew who had done the snooping, and that a “snooper” has a reduced expectation of privacy.

While Kruzeniski found the SHA appropriately investigated the breach, he said it didn’t take appropriate steps to stop it from happening again.

The commissioner recommended the nurse’s name and the investigation be forwarded to the Ministry of Justice to see about charges under the Health Information Protection Act (HIPA).

When asked to provide a response to the findings in the report, the Saskatchewan Health Authority said it wouldn’t be able to comment until after it files its response to the Information and Privacy Commissioner.

Discover more on CJME.com

More
Listen Live
On Air Now
The Vassy Kapelos Show
1:00 PM - 3:00 PM

NOW TRENDING

More

OPINION

Listen to daily commentary from provincial news director Sarah Mills

Prince Harry is back in the courts in the U.K. over the issue of police protection. Sarah Mills breaks down the case, sa...
Read More

Listen to daily commentary from program director Murray Wood

Every Friday, Murray Wood takes a look at the week's news and decides who's hot and who's not. This week's list focuses ...
Read More

LATEST WEATHER

Start your Saturday informed as Alex Brown breaks down the week’s top stories on Talk Shots.
To send a news tip to the 650 CKOM newsroom, text 1-877-332-8255.

TODAY ON EVAN BRAY

The Evan Bray Show Segments - Friday, April 11th

Tariffs and Canola farmers - are you shopping local? Sask. housing concerns and more, Regina Pats get 1st pick, It's Eat...
Read More