An insurance firm sent a client’s file to their underwriter; unfortunately, the file never made it back to the insurer. An internal investigation uncovered a violation of PIPEDA and resulted in a change of company protocol.
The following blog is a recount of an investigation done by the Canadian Privacy Commission.
Imagine one day you receive a letter from your insurer informing you that your personal file which includes your name; address; date of birth; salary; signature; and slew of your sensitive medical information has been lost. Likely, you would request some clarity on what really occurred.
The particular client whose information had been lost put in a complaint which sparked the insurance company’s internal investigation. The investigation uncovered that although there was no fraudulent activity or employee misconduct, faulty operational procedures as well as not having a file tracking system in place seriously contributed to the data breach.
These faulty operational procedures were in direct breach of The Personal Information Protection and Electronic Documents Act (PIPEDA). In using a courier system, the insurance company was not able to fully track the documents whereabouts at all times. As such, the file was lost with the insurance company’s underwriter.
Does this sound familiar? Relying on outdated technology has once again proven insufficient when transporting client data.
The company was fortunate enough not to have to pay a fine. However, if this case had occurred in the U.S., or if one of the parties or business associates had been from the U.S., the company could have been fined up to $1.5 million dollars in violation of HIPAA.
As a result of the incident, the company had to reassess its processes and move towards implementing a more secure way of transferring patient files. Their solution was a secure file transfer service. Now, files are electronically transferred and tracked accordingly. The insurance company claims, “no files have gone missing since the new processes were adopted.”
If you find yourself making the same mistake and reassessing your protocols with respect to client data transfer, TitanFile is the place to start; fully secure and fully trackable. Get started with us today.