FIPA finally gets Ministry of Health records after two year battle

It took two years, but the records requested by FIPA in 2012 regarding contracts and other records related to the mysterious Ministry of Health data breach case have finally been released and are posted on our website.

FIPA had requested the following information:

Photo under CC license by Flickr: Tranchis
Photo under CC license by Flickr: Tranchis
  • Data sharing and other agreements involving the Ministry and four named individuals;
  • Correspondence between the Ministry and the four named individuals relating to the agreements, particularly correspondence about delays or impediments to accessing data for research purposes;
  • E-mails, memos or other notices to staff from the Ministry’s Assistant Deputy Minister of Information Management/Information Technology Division regarding delays or impediments to the release of data to researchers; and
  • Any policy changes relating to release of data to researchers.

FIPA made the request before the firings (and subsequent rehirings) of a number of Ministry employees and contractors working in the Ministry’s Pharmaceutical Services Division. The Ministry initially refused to release any documents, but eventually dropped a number of claims it was using to try to justify refusing to release the records.

The government’s main claim was that releasing these records would damage ongoing investigations into the situation. The Adjudicator was not convinced, stating:

“In my view, the Ministry’s submissions are based on speculation, and there is no objective evidentiary basis for concluding that the harms the Ministry fears will result from disclosure to the applicant.”

The Ministry was also unsuccessful in claiming other records were policy advice or personal information. They were able to keep various computer related records secret, such as passwords.

The records show there was a great deal of concern about getting documents to UBC for signing before the beginning of Question Period to allow the minister to provide a positive answer to questions (p. 265-68). Many of the emails seem to relate to technical difficulties with the wording of the contracts, and also difficulties in gaining access to medical records, usually for technical reasons. There is also mention of the “swamp of data access” (p. 288) and concerns about conflicts of interest being used by “our detractors” (p. 300).

FIPA finally gets Ministry of Health records after two year battle

Print

NEWS RELEASE
December 15, 2014

FIPA finally gets Ministry of Health records after two year battle

 

VANCOUVER, December 15, 2014—The records requested by the BC Freedom of Information and Privacy Association in 2012 regarding contracts and other records related to the mysterious Ministry of Health data breach case have finally been released. They are now available on the BC FIPA website.

https://fipa.bc.ca/foi-release-ministry-of-health-data-breach-final-release/

FIPA had requested:

  • Data sharing and other agreements involving the Ministry and four named individuals;
  • Correspondence between the Ministry and the four named individuals relating to the agreements, particularly correspondence about delays or impediments to accessing data for research purposes;
  • E-mails, memos or other notices to staff from the Ministry’s Assistant Deputy Minister of Information Management/Information Technology Division regarding delays or impediments to the release of data to researchers; and
  • Any policy changes relating to release of data to researchers.

“It’s hard to see why the government fought so hard to prevent the release of these records,” said FIPA Executive Director Vincent Gogolek. “It looks like the government was attempting to prevent embarrassment more than anything else.”

The records show there was a great deal of concern about getting documents to UBC for signed before the beginning of Question Period to allow the minister to provide a positive answer to questions (p. 265-68). A lot of the emails seem to relate to technical difficulties with the wording of the contracts, and also difficulties in gaining access to medical records, usually for technical reasons. There is also mention of the “swamp of data access” (p. 288) and concerns about conflicts of interest being used by “our detractors”. (p. 300)

The government initially refused to release any of these records, and their main claim was that releasing these records would damage ongoing investigations into the situation. The Information Commissioner’s Adjudicator was not convinced, stating:

“In my view, the Ministry’s submissions are based on speculation, and there is no objective evidentiary basis for concluding that the harms the Ministry fears will result from disclosure to the applicant.”

Contact:

Vincent Gogolek, Executive Director
BC Freedom of Information and Privacy Association
Email: Vincent (at) fipa.bc.ca
Phone: 604-739-9788
Cell 604-318-0031
http://fipa.bc.ca

Download the release as a pdf

Ministry of Health fails to protect sensitive personal information: new report

In a report released earlier today, B.C.’s Information and Privacy Commissioner Elizabeth Denham finally opens the door on last year’s data breach at the Ministry of Health and finds “a number of weaknesses in Ministry controls over personal information.”

Denham’s report doesn’t mince words. During her investigation, she found “a complete lack of monitoring, enforcement and evaluation” within the Ministry. “There was no audit at any level of employee or researcher compliance with privacy policies. Nor did the ministry conduct any reviews of privacy provisions in agreements that provide for information sharing” (p. 15).

“This report shows an abject failure to use even basic means to protect our health information,” said Vincent Gogolek, Executive Director of the B.C. Freedom of Information and Privacy Association. “It’s the natural fallout from a government more committed to pushing personal health information out the door than protecting the privacy of British Columbians.”

Around the time his officials were investigating internal reports of these breaches and unauthorized disclosures, former Health Minister Mike De Jong promised to speed up the turnaround time on researcher requests for Ministry data (p.9).

“The government’s priority was providing quick turnaround for contract researchers,” said Gogolek. “Unfortunately, it’s now quite clear that the protection of our health information was not a priority for them whatsoever.”

Even the contracts with researchers were shoddy. Some contracts referred to appendices regarding security controls, but those appendices, Denham finds, did not exist. Other contracts didn’t even include so much as an oath of confidentiality or a specific confidentiality agreement.