Privacy Reports

Decision Information

Summary:

The Ministry of Health and Long-Term Care (the Ministry) notified the Information and Privacy Commissioner's Office (the IPC) about a possible breach of the Freedom of Information and Protection of Privacy Act (the Act). The Ministry advised the IPC that five boxes of confidential laboratory records had gone missing and were presumed to have been mistakenly taken away as garbage. As a result, a privacy investigation was initiated by the IPC. In a follow-up letter to this office, the Ministry explained that, on the morning of September 19, 2001, staff at a specified laboratory (the laboratory) discovered that 5 boxes of test requisitions were missing. The test requisitions had been boxed in preparation for shredding, and were present in the laboratory at the close of business the day before. It was assumed that the boxes were emptied by the evening building cleaning crew and disposed of as routine garbage. An incident report was filed and an internal Ministry investigation was immediately initiated involving laboratory staff, the cleaning company and the waste disposal company. The Ministry also agreed to meet with an IPC mediator to discuss the details of their investigation and findings.

Decision Content

PRIVACY COMPLAINT REPORT

PRIVACY COMPLAINT PC-010043-1

Ministry of Health and Long-Term Care

May 2, 2002

PRIVACY COMPLAINT NO.: PC-010043-1

MEDIATOR: Shaun Sanderson

INSTITUTION: Ministry of Health and Long-Term Care

 

 

BACKGROUND OF THE COMPLAINT:

 

The Ministry of Health and Long-Term Care (the Ministry) notified the Information and Privacy Commissioner’s Office (the IPC) about a possible breach of the Freedom of Information and Protection of Privacy Act (the Act).  The Ministry advised the IPC that five boxes of confidential laboratory records had gone missing and were presumed to have been mistakenly taken away as garbage.  As a result, a privacy investigation was initiated by the IPC.   

 

In a follow-up letter to this office, the Ministry explained that, on the morning of September 19, 2001, staff at a specified laboratory (the laboratory) discovered that 5 boxes of test requisitions were missing.  The test requisitions had been boxed in preparation for shredding, and were present in the laboratory at the close of business the day before.  It was assumed that the boxes were emptied by the evening building cleaning crew and disposed of as routine garbage.  An incident report was filed and an internal Ministry investigation was immediately initiated involving laboratory staff, the cleaning company and the waste disposal company.  The Ministry also agreed to meet with an IPC mediator to discuss the details of their investigation and findings.   

 

 

ISSUES ARISING FROM THE IPC INVESTIGATION:

 

The following issues were identified by the IPC as arising from the investigation:

 

(A)  Was the information in question “personal information” as defined in section 2(1) of the Act?  If yes,

 

(B)   Was the personal information disposed of in a secure manner as required by section 40(4) of the Act and Regulation 459?

 

 

RESULTS OF THE INVESTIGATION:

 

Issue A:  Was the information in question “personal information” as defined in section 2(1) of the Act?

 

Section 2(1) of the Act provides, in part:

 

"personal information" means recorded information about an identifiable individual, including,

 

(a)        information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation or marital or family status of the individual,

 

(b)        information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,

 

(c)        any identifying number, symbol or other particular assigned to the individual,

 

(d)       the address, telephone number, fingerprints or blood type of the individual,


 

(h)        the individual's name where it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual.

 

 

The Contents of the Boxes

 

The Ministry confirmed that the 5 boxes in question (each 10”x9”x12”) contained several hundred pages of laboratory test requisitions, as well as some laboratory reports.  It further advised that the requisitions contained patients’ names, physicians’ names and the type of test requested.

 

During the investigation, the Ministry provided the IPC with sample copies of laboratory test requisitions and reports.  I have reviewed these documents and note that test requisitions include information such as:  patient’s name, address, date of birth, sex, health card number, physician, test requested, specimen type and site, reason for test and clinical information.  Laboratory reports include patient’s name, date of birth, sex, health card number, physician, tests performed, reason for testing, test results and final interpretation. 

 

Based on the above, I conclude that the records in question contain personal information as contemplated by section 2(1) of the Act.  The Ministry does not dispute this finding.

 

Conclusion:  The information in question was personal information as defined in section 2(1) of the Act.

 

     

Issue B:  Was the personal information disposed of in a secure manner as required by section 40(4) of the Act and Regulation 459?

 

Section 40(4) of the Act deals with the disposal of personal information.  It states:

 

A head shall dispose of personal information under the control of the institution in accordance with the regulations.

 

Ontario Regulation 459, implemented under the Act, pertains to the disposal of personal information.  Sections 4(1) and 5 of the regulation provide as follows:

 

4(1) Every head shall ensure that all reasonable steps are taken to protect the security and confidentiality of personal information that is to be destroyed, including protecting its security and confidentiality during its storage, transportation, handling and destruction.

 

5 Every head shall take all reasonable steps to ensure that when personal information is to be destroyed, it is destroyed in such a way that it cannot be reconstructed or retrieved.

 

 

Summary of the Ministry’s investigation and findings:

 

The IPC mediator attended a meeting at the laboratory on November 15, 2001 to discuss the Ministry’s investigation and findings, as well as to obtain copies of all relevant documents referred to in this Report.  In addition to the IPC mediator, the following individuals were in attendance:  the Ministry’s Freedom of Information Team Lead, the laboratory’s Manager of Direct Services, the building’s Facilities Manager, and the laboratory’s Operational Review Officer. 

 

By way of background, the Ministry explained that all confidential records, such as laboratory test requisitions and reports, are stored in secure file cabinets until ready for destruction according to its records retention schedule.  At that time, they are relocated to a locked central holding area in the laboratory prior to shredding.  Access to the holding area is restricted to Ministry staff.  The laboratory then disposes of all confidential documents through the use of pre-arranged on-site shredding by a bonded shredding company. 

 

 

The Ministry further explained that there are some confidential documents which the laboratory is not required to retain, such as duplicate or poor quality copies of the original laboratory tests.  The duplicates are kept in the work area and periodically transferred to the locked holding area for shredding.  In this case, the documents in question consist of duplicate copies of test requisitions as well as a small number of poor quality test reports.  The documents in question were in temporary cardboard storage boxes in a laboratory testing area and were present in the laboratory on the evening of September 18, 2001 when staff left at the end of the day.  When staff returned the following morning, they discovered the boxes missing, and it was assumed that they were disposed of as routine garbage by the evening cleaning crew.

 

 

The Cleaning Company

 

The Facilities Management Services sub-contracts cleaning duties to a named cleaning company (the cleaning company) through a janitorial contract agreement.  This agreement contains a detailed confidentiality clause, a copy of which was provided to this Office.  The Facilities Manager explained that the cleaners routinely attend the laboratory premises between 8:00 p.m. and 7:00 a.m.  During this time they are required to conduct basic cleaning duties, such as mopping and dusting, as well as to dispose of any garbage left in the offices.  He advised that all cleaners are bonded employees and have received extensive training from both their supervisor and a lab technologist regarding safety measures and confidentiality provisions for working in the laboratory. 

 

During their investigation, the Ministry discovered that, on the evening in question, the cleaning company had allowed a temporary cleaner to fill in for a regular employee who was normally responsible for the area in which the boxes were located.  The manager of the cleaning company indicated that the floor supervisor had instructed the cleaner as to what should be removed from the room; however, these instructions were not followed.  In a letter dated September 25, 2001, the cleaning company confirmed that the cleaner on duty had disposed of the boxes in the regular garbage.  The cleaning company advised that the cleaner had placed all of the material into black plastic garbage bags, and that these bags were then transferred and placed into the laboratory’s dumpster that evening.

 

 

The Waste Disposal Company

 

During their investigation, the Ministry contacted the waste disposal company in an attempt to retrieve the material and to gather further details regarding this incident.  In a letter dated September 22, 2001, the waste disposal company confirmed that truck #325 had emptied the laboratory dumpster at approximately 5:00 a.m. on the morning of September 19, 2001 and proceeded to the waste disposal company site where the truck was unloaded at 7:33 a.m.  The material was then immediately loaded on to a larger truck leaving for a Michigan landfill site by 8:00 a.m.  It arrived at the landfill site, Carlton Farms Inc., in Carlton, Michigan at approximately 1:00 p.m. on the same day.  The company indicated that it is impossible to recover this material. 

 

 

The waste disposal company provided a follow-up letter to the Ministry on September 26, 2001, indicating that all shipments of material that go to the Carlton Farms Inc. landfill site in Michigan are dropped into a large hole and mixed with at least 100,000 tons of material per day.  They advised that this makes the recovery of any of this material absolutely impossible.        

 

 

Discussion:

 

The Manager of Direct Services advised the mediator that all laboratory staff adhere to the policies and procedures contained in the following two documents:

 

  • Ontario Ministry of Health, Laboratory Services Branch, Confidentiality and Security Policy, dated February 23, 1998; and

  • Management Board Secretariat Internal Operating Policy for Handling and Security of Confidential Documents, dated March 2001.

 

Each document provides comprehensive guidelines for the handling and security of confidential documents.  Although the Ministry had taken many reasonable steps to protect the security and confidentiality of personal information, it is clear that, in this case, the records in question were not securely stored prior to their destruction.  In contrast to the records which are stored in secure file cabinets until ready for destruction, the duplicate and poor quality records are not kept in a secure manner in the work areas.  This contributed to the inappropriate disposal of these records by the cleaning staff.  As a result of this, the Ministry has taken corrective measures to ensure the protection of personal information in the future, as outlined below.

 

In light of the Ministry’s internal investigation and findings, I conclude that the personal information was not disposed of in a secure manner, as required by section 40(4) of the Act and Regulation 459.  The Ministry does not dispute this finding. 

 

 

Conclusion:  The personal information was not disposed of in a secure manner as required by section 40(4) of the Act and Regulation 459.

 

 

 

STEPS TAKEN BY THE MINISTRY:

 

As noted above, upon learning of the missing boxes, the Ministry immediately initiated an internal investigation and notified this Office about a possible breach of the Act.  In addition, the Manager of Direct Services at the laboratory implemented the following interim and permanent measures to prevent a similar situation from reoccurring:

 

  • On September 25, 2001, the Manager of Direct Services implemented an Interim Policy, “Storage of Confidential Records”, which required that all confidential records being held for shredding must be transferred to the locked holding area at the close of each business day.  This policy was effective immediately, and required one staff member from each department to assume daily responsibility for this process.

   

  • In addition to the daily transfer of material to the locked holding area, the Manager of Direct Services implemented an interim policy for colour coding of garbage bags, which required all confidential material accumulated during the day to be collected in blue plastic bags.  The facilities management services was instructed in writing that the cleaning company is only to collect and dispose of waste that is in black plastic garbage bags.

 

  • As a permanent measure, the laboratory installed 25 locked shredding boxes, and contracted an on-site shredding company to conduct regular shredding of the documents.  A copy of the service proposal has been provided to this Office.  In addition, the laboratory’s Operational Review Officer has conducted a shredding audit of all regional laboratories to ensure compliance with the Act and Regulations.

 

  • The cleaning company’s supervisor met with all cleaning staff to remind them of the confidentiality provisions.  The Ministry also advised this Office that temporary cleaners will no longer be permitted to fill in for regular cleaning staff at the laboratory.   

 

  • On September 26, 2001, the Manager of Direct Services distributed a confidentiality audit (Audit #1) entitled “Self Assessment of Confidentiality in the Ontario Public Health Laboratories” to each regional laboratory manager in the province.  The Manager of Direct Services also conducted a conference call with all regional managers to discuss the purpose of this audit, and requested that it be completed and returned to him by the end of the day.  The audit contained questions relating to faxing, printing and computer procedures, as well as the storage, archiving and disposal of personal information at each of the 11 regional laboratories.  The Ministry has confirmed that this was completed, and provided the IPC with supporting documentation.

 

  • The Deputy Minister distributed a Memorandum to all Ministry staff regarding the handling and security of confidential information, along with best practices and fact sheets.  On October 2, 2001, the Manager of Direct Services re-distributed this Memorandum to all laboratory managers with the requirement that it be read and signed off by all staff.  The Manager of Direct Services also requested the signature sheet to be completed and returned to him by October 12, 2001.  The Ministry has confirmed that this was completed, and provided the IPC with supporting documentation.

    

  • Shortly after this, the Deputy Minister sent all Senior Management Group (SMG) managers in the Ministry a confidentiality audit (Audit #2) from the Corporate Management Branch.  This document, dated 2001, is entitled “Handling and Security of Confidential Information:  Self Assessment for Managers”.  The Manager of Direct Services took the lead on this project, and distributed the audit to each laboratory manager in the province.  Managers were asked to complete and return this assessment to him by October 17, 2001.  The Ministry has confirmed that this was completed, and provided the IPC with supporting documentation.     

 

 

CONCLUSIONS:

 

I commend the Ministry for its actions upon learning that the boxes were missing, and for the steps taken to conduct a thorough internal investigation.  I also highly commend the laboratory’s Manager of Direct Services for the interim and permanent measures that were put in place to prevent a similar situation from reoccurring, not only at this particular laboratory, but at all regional laboratories in the province. 

 

I have reached the following conclusions based on the results of this investigation:

 

1.      The information in question was personal information as defined in section 2(1) of the Act.

 

2.      The personal information was not disposed of in a secure manner as required by section 40(4) of the Act and Regulation 459.

 

3.      Necessary steps have been taken to ensure the protection of personal information in the future, including protecting its security and confidentiality during its storage, transportation, handling and destruction.  

 

 

RECOMMENDATION:

 

I recommend that the Ministry ensure the following action with respect to the laboratory’s confidentiality and security policy:

 

 

1.         I recommend that the laboratory review the results of the two confidentiality audits (Audit #1 and Audit #2) that were distributed to all managers, and determine whether any further changes should be implemented.  Any necessary changes should be identified and incorporated into the laboratory’s existing Confidentiality and Security Policy, and all staff should be advised of these changes.  

 

 

The Ministry should provide the Office of the Information and Privacy Commissioner with proof of compliance with the above recommendation by August 15, 2002.

May 2, 2002

Shaun Sanderson

Mediator
