Most read: Clerk accused of profiting from patient records

Most read: Clerk accused of profiting from patient records

Most read: Clerk accused of profiting from patient records In a bizarre case of misusing hospital records, former Rouge Valley Centenary Hospital clerk Shaida Bandali has been charged by the OSC with unregistered trading, contrary to s. 25(1) of the Securities Act.
 
Over a four-year period between January 2010 and March 2014, the former clerk is alleged to have taken birth records of newborns at the hospital and sold this information to several RESP dealers without informing the hospital or the patients.
 
Patients would receive phone calls soliciting RESP business almost immediately after giving birth. It’s thought the clerk might have accessed as many as 8,300 records over four years. It’s also possible that those records were resold to other financial services companies.
 
While it’s definitely a privacy breach of epic proportions, Toronto Police are not investigating Bandali at this point and don’t consider it a criminal matter.
 
However, the OSC in partnership with the RCMP and OPP are investigating this “quasi-criminal” matter under the auspices of the Joint Serious Offences Team (JSOT). Under these charges Bandali faces up to five years in jail less a day, a fine of up to $5 million or a combination of the two. She appears in court December 12.
 
The hospital, for its part, has apparently changed its systems so that it can track which employees have accessed these files. Whether this is enough to appease parents having children at the hospital in the future is anyone’s guess.
 
While Acting Privacy Commissioner Brian Beamish wouldn’t comment on this particular situation as his office’s investigation is still ongoing, he did state to the Toronto Star that penalties should be greater for privacy breaches made by health professionals.
 
WP has reached out to the RESP Dealers Association of Canada for comment. We’ve yet to hear back. We’ve also asked the OSC for clarification on the matter. We’ll report on this when more information becomes available.
 
One thing’s for sure.
 
Over the next few weeks we’ll definitely be exploring privacy concerns within the financial services industry. 
6 Comments
  • Chris Gaudet 2014-11-25 2:37:00 PM
    The public should be made aware of which organizations purchased this information. The buyers of names/phone numbers, should also be held accountable.
    Post a reply
  • Jeff Sanford 2014-11-25 2:38:44 PM
    Good point! Chris, they OSC should absolutely release this information. I could not agree more!
    Post a reply
  • Jeff Sanford 2014-11-25 2:39:10 PM
    Good point! Chris, they OSC should absolutely release this information. I could not agree more!
    Post a reply