Delayed reporting of a labelling mistake at the Behchokǫ̀ health centre led to one client receiving unnecessary treatment and another not getting recommended treatment for a year, according to a review of the incident.
The Tłı̨chǫ Community Services Agency says it has since made changes to prevent similar future issues.
On November 16, 2022, a casual community health nurse at the Marie Adele Bishop Health Centre mislabelled a specimen collected from one person – referred to as Client A – with information for another person with a similar name, Client B, according to NWT information and privacy commissioner Andrew Fox’s report.
The specimen was sent to two laboratories for testing and the test results were put on Client B’s electronic medical record, even though they belonged to Client A.
The nurse did not immediately notice the error and called Client B to relay the results and recommend treatment. Client B reported having symptoms that were consistent with the results and, despite not remembering providing a specimen, requested and received treatment based on the nurse’s recommendation.
Advertisement.
Advertisement.
The nature of the specimen collected, test results and recommended treatment were not detailed in Fox’s report, though it states the treatment did not require in-person attendance at a health centre.
Client A did not contact the health centre to inquire about their test results. The Tłı̨chǫ Community Services Agency, or TCSA, said that is not unusual as clients are told they will only be contacted if results indicate the need for a follow-up.
Mistake not reported or investigated for months
The nurse noticed the mistake on November 22, six days later, and reported it to the nurse in charge at the health centre. The nurse in charge told the community health nurse to report it through the Tłı̨chǫ Community Services Agency’s incident reporting system.
The nurse never submitted a report, explaining later that work was busy and there was not enough time to do so.
Advertisement.
Advertisement.
Some time between April and June 2023, another community health nurse noticed the absence of test results on Client A’s medical record during an unrelated visit. The nurse reported the error to the nurse in charge, who told the nurse to file a report with the incident reporting system.
That nurse also did not do so, saying they were unfamiliar with the reporting system and felt it should be the responsibility of the nurse in charge.
The nurse in charge eventually reported the issue on June 30, 2023 and the TCSA began investigating the privacy breach in October 2023.
The agency contacted Client A about the error in November 2023 and asked them to provide new specimens for testing.
Fox said the significant delay in reporting and investigating the mistake was “unreasonable and unacceptable” and directly impacted the health services of the clients involved.
What led to the mistake and delayed response
Client A and B shared the same first and last name, were of similar ages and were born in the same month. They had different birth dates, middle names and healthcare numbers, and lived in different communities.
Fox’s report notes that “misidentification of clients with similar names and demographics is a known risk for territorial health information custodians.”
TCSA policy requires staff to use at least two person-specific identifiers when confirming a client’s identity, such as their full name including middle name, home address, date of birth, healthcare number or photograph.
Advertisement.
Advertisement.
Had the community health nurse followed that policy when labelling Client A’s specimen, Fox concluded, the error likely would not have happened.
According to Fox’s report, the nurse never completed privacy training while working at the Behchokǫ̀ health centre, which he said would have likely included training on the use of two person-specific identifiers
TCSA policy mandates that all employees must complete privacy training within three months of being hired and then annually thereafter. The agency said in April 2025 that approximately 70 percent of staff were up to date on privacy training.
“There is room for improvement: a mandatory training regime should have a much higher completion rate,” Fox wrote.
Fox noted the nurse in charge at the health centre was responsible for ensuring staff completed privacy training and should have ensured the labelling error was reported in a timely manner.
He characterized communication about the labelling issue between the nurse in charge and the two community health nurses as “poor.”
While a quality assurance and risk manager is ordinarily responsible for investigating privacy breaches, that position at TCSA was vacant until September 2023.
Once the position was filled, Fox said the new manager noticed the breach and acted quickly.
Advertisement.
Advertisement.
He said it was “highly concerning” that other staff at TCSA did little to address the matter. He said the manager’s appropriate response demonstrates “the importance of having a senior position oversee the management of privacy breaches.”
TCSA makes improvements
The TCSA told Fox it had made changes to ensure all employees complete privacy training, including:
creating a mandatory policy that requires all contract employees to complete privacy training before beginning their assignments;
providing compensation for training time to encourage employees to complete training;
creating a system to track employees’ completion of privacy training;
providing employees regular updates on privacy practices and changes to policies or regulations;
providing online training to improve accessibility; and
running awareness campaigns on the importance of protecting patient privacy.
The agency said it plans to use the mislabelling case as a training example.
The agency said it has also placed a “same name alert” on the electronic medical records of Client A and Client B to help avoid confusion in future.
Fox recommended that the TCSA provide privacy training to all staff within three months of hire and then annually thereafter, as required. He said the agency should refer to the mislabelling incident during training “to demonstrate the potential consequences of client identification errors and failing to immediately report a privacy breach.”
Fox further recommended that the agency ensure staff are adequately trained on the incident reporting system.
Related Articles