Listen to this article
Estimated 3 minutes
The audio version of this article is generated by AI-based technology. Mispronunciations can occur. We are working with our partners to continually review and improve the results.
An employee in the emergency department at the Dr. F. H. Wigmore Regional Hospital in Moose Jaw has been fired for snooping in the health records of 98 people, as well as their own records.
The snooping was discovered after the employee asked a co-worker in April 2025 about a hospital stay that the person had been keeping strictly private, says a report from the Saskatchewan Information and Privacy Commissioner.
The co-worker reported the conversation to management, which began investigating.
The Saskatchewan Health Authority conducted a series of audits into the snooper’s use of the records system and found a total of 102 inappropriate accesses between July 1, 2024, and June 16, 2025.
The snooper claimed “a general lack of memory” when first confronted by management on May 30, 2025, but admitted sending text messages to a family member about an estranged family member who had been admitted to the hospital.
“I should not have accessed my [family member’s] records and I knew it was wrong and that I could get into trouble for it,” the snooper said in a submission to the privacy commissioner’s office.
“I also knew that it was wrong to check my own results and that I should have looked on my phone. I just felt so lousy and wanted to know what was wrong with me and go home.”
After the audits, the SHA removed the snooper’s access privileges on June 19 and then terminated the snooper’s employment on July 2.
Privacy commissioner Grace Hession David wrote in her report that she found the snooper had knowingly violated the Health Information Protection Act and the root cause of the privacy breach was the snooper’s failure to adhere to privacy training.
She found that the SHA provided timely notice to the affected people and took reasonable steps to audit the snooper’s access.
However, Hession David said the health authority did not remove the snooper’s access to the health records system as soon as it could have. The access privileges were removed on June 19, but could have been removed earlier.
“I recommend that SHA immediately suspend user accounts when there are grounds to believe that the individual is inappropriately accessing personal health information,” Hession David wrote.
She also recommended the health authority implement proactive monitoring and auditing of the records system to ensure employees are complying with privacy and security policies.