Canadian pharmacist snooped in the health records of 46

health professional at computer with magnifying glass

A pharmacist spied on the electronic health records of people she knew and shared what she saw with her spouse

Catherine Tully, the Information and Privacy Commissioner for the Canadian province of Nova Scotia, has released privacy breach investigation reports regarding the activities of the pharmacist.

On December 21, 2017, she began investigating a series of privacy breaches involving a pharmacist, Robyn Keddy, who was employed as the manager of a rural community pharmacy operated by the Sobeys National Pharmacy Group.

The Commissioner determined that the pharmacist had inappropriately accessed personal health information, including prescription history and medical conditions of 46 individuals over a period of two years.

The Department of Health and Wellness initially told Ms Tully that the breaches had been contained and that there was “no evidence” of malicious intent.

However it transpired that Ms Keddy had used the provincial Drug Information System (DIS) to get hold of information about people she had a personal relationship with, including her child’s romantic partner and her parents; her child’s friends, teachers and former teachers; a former classmate from high school; her own former teacher, now deceased; and a person with whom she had been involved in a car accident.

The Commissioner also determined that the pharmacist had created false profiles in order to access personal health information, and had disclosed sensitive health information to her spouse.

At one stage she was heard telling her spouse that her child was not able to see a particular person “because of the medications she and her parent were on”.

She also accessed the records of co-workers and discussed the accesses with pharmacy employees, who said that they had been too frightened to come forward because Ms Keddy was also the pharmacy’s manager.

One had tried to come forward to the Department of Health and Wellness anonymously, saying she feared reprisal, but said she had not received a callback after leaving a message.

“An employee confirmed her spouse was approached by the pharmacist at their home with a document the pharmacist had prepared for signature that claimed the individual had consented to the access and fabricating a reason for the access,” one of the reports stated.

“This employee also had second hand knowledge that the pharmacist had approached up to a dozen other affected individuals in a similar manner.”

Even after Ms Keddy’s employment at the Sobeys pharmacy had been terminated, she continued to use the DIS to get information about people she knew.

Witnesses told the Commissioner that Ms Keddy used the DIS and/or Client Registry to get the personal information of people who were not even clients of the local pharmacy, or who were not receiving or requesting any service from the pharmacy at the time of access.

“The temptation to “snoop” is difficult for some individuals to resist,” Ms Tully said in a statement.

“Custodians of electronic health records must anticipate and plan for the intentional abuse of access by authorized users.”

She later spoke to CTV News Health and said that the pharmacist’s snooping highlighted a “real and present danger” of health professionals intruding into the lives of patients.

“This is a pharmacist, a professional with ethical obligations,” she said.

“It’s shocking that somebody in a position of trust would breach that trust so badly and would fail to recognise the importance of preserving the right to privacy and the integrity of the individuals whose information she breached.”

The reports make 18 recommendations to improve auditing programs and strengthen breach protocols.

At a hearing committee before the Nova Scotia College of Pharmacists, Ms Keddy’s licence to practise pharmacy in the province was suspended for six months.

She was also given a letter of reprimand and ordered to pay a fine of CAD$5000 (AUD$5201) to the Nova Scotia College of Pharmacists.

She was ordered to enrol in and successfully complete a business ethics course.

Previous Minister wrong on privacy, says News Corp
Next Dropped action based on ‘unreliable claims’

NOTICE: It can sometimes take awhile for comment submissions to go through, please be patient.


  1. Ex-Pharmacist

    Don’t ya love how seriously community pharmacy in Australia takes customer privacy? 17 year old kids working in their local pharmacy, can type any name into the dispensing software & view an entire drug history. I once saw a school girl look up their math’s teacher & saw his extensive history of Viagra & Cialis. Wonder if she blabbed that about in her math’s class. God help us when those same kids have access to SafeScript (Real-time Prescription monitoring) of a state population and then possibly the entire country. My-Health-Record too. Yep, community pharmacy, your medication history is safe with us, because we are professionals… Earning a professional wage… *cough*

    • Jarrod McMaugh

      Stephen, then only pharmacist you talked about in this response is yourself, observing a student accessing information that they shouldn’t. That would be your role to prevent that.

      Perhaps you should look to your own practice… maybe this is the source of your screen name?

      MyHealthRecord and SafeScript both require Individual identifier numbers to log in. These things are trackable. Access without them isn’t possible, and if a pharmacist were to behave like the one from Canada in this story, they would be referred to AHPRA for professional misconduct, as well as DHHS (vic) or digital health agency (National) for breaches of regulation.

      • Ex-Pharmacist

        Thanks Jarrod for info. re: MHR & SS, good to know it is tracked.
        Will be interesting to see how this will work in a busy dispensary, where a pharmacist is logged in & then required elsewhere, leaving a logged in session open for anyone to view.
        I fully expect the poor lackey pharmacist will be held 100% accountable in this situation if the junior staff decide to look-up anyone e.g. “MCMAUGH, Jarrod” for example.

        The situation I described above re: schoolgirl looking up math teacher; was slightly different. FRED did not require a password nor have any user tracking. The dispensary had 2 FRED terminals with several dispensary assistants doing most of the hack work. I witnessed the privacy breach after the event and only by chance. My point is how easy it is to do this, by anyone who has access to the dispensary. My screen-name has more to do with earning 2.0x salary with 0.5x responsibility & 0.25x workload, outside pharmacy.

        • pana79

          Sounds like you went into Finance.

        • Jarrod McMaugh

          If I were logged in to MyHR or SafeScript and left the terminal, then someone else logged in, then I am 100% responsible for this.

          As a pharmacist in charge, I am also responsible for information being access by staff. In your case, you were responsible for the junior staff member; as was the proprieter (if this was a separate individual).

          Btw not only is MyHR tracked, but any person can set up instant alerts, so you know when someone accesses your record in real time… and who that is.

  2. pana79

    Access to MyHR requires a Pharmacist to put in their individual password in FRED before you can see anything. Requesting Emergency Access to the record will result in a “Please Explain” letter from the Aus Digital Health Agency (or whatever they are called) as to why emergency access was requested.

    From what I saw from Safescript at APP this year – I think even if you wanted to snoop – the process would be so onerous that it would put you off it…… dreading when that comes into force in Vic.

    • Harriet Wright

      Interesting because it doesn’t in MINFOS. I am going to suggest MINFOS add this in because as someone says above, all assistants could look at any time that I am busy elsewhere. Whilst I trust my assistants, it is important that there is a record of who accessed at any given time.
      On the subject of schoolkids looking up their teachers, I agree that the pharmacist takes responsibility for actions in the shop. We have always declined to hire local schoolkids because in a small town it is just uncomfortable for teachers to have their pupils access their health records in any form.

Leave a reply