In Canada, Manitoba’s Shared Health organization is responsible for coordinating the medical care of the province’s residents. However, according to an audit report by Tyson Shtykalo, Manitoba’s Auditor General, the organization is not meeting its own identification and password requirements, nor those of the province.
In particular, the audit found that an inordinate number of Shared Health employees has access to user health information -including all system administrators-, and that some of them still had access to this sensitive data even after leaving their jobs.
The report highlights the risks associated with these bad practices such as data theft and serious privacy issues. Pierre Blain, Executive Director of Les usagers de la santé du Québec, used the publication to call for federal legislation to protect health data.