Patient records found at Yellowknife dump in 2019, report reveals

Last modified: December 8, 2021 at 11:23am

Another discovery of patient health data at a Northwest Territories dump has come to light following a report from the Office of the Information and Privacy Commissioner. 

The privacy commissioner’s annual report, tabled in the legislature on November 24, reveals a “particularly significant” case in which patient records were discovered at Yellowknife’s dump in July 2019.

The commissioner’s review report of that incident, first published in August 2020, states a member of the public found more than 60 CDs from Stanton Territorial Hospital left in an area of the dump intended for construction waste.


Written on the front of many, in visible black marker, were patients’ names, birth dates, healthcare numbers, and descriptions like “breast exam” or “scrotal.” 

The individual alerted dump staff and took photos of the CDs, which they sent to an unnamed MLA to notify them of the incident. 

“The chance of the CDs being discovered by salvagers, laying on the open ground as they were, was almost certain,” wrote Elaine Keenan Bengts, the privacy commissioner at the time.

“Given the popularity of social media sites these days, photos of the CDs could easily have been, but were not, uploaded and circulated on social media.” 

While there was a clear privacy breach, Keenan Bengts struggled to determine the full extent as staff at Yellowknife’s dump had compacted, baled, and buried the CDs before investigators reached the scene. 


“Unfortunately, the verifiable truth of the matter is largely buried in the dump,” her report states. 

Keenan Bengts said a “very lengthy and slow regular chain of command” within the NWT government regarding health privacy breaches was partly to blame. 

Messy move to a new hospital

The CDs were among items removed from the former Stanton Territorial Hospital building during the move to the hospital’s new, neighbouring site in the first half of 2019.

“Transferring and handling records is a significant part of a move from one hospital to another. In theory, all records should have been accounted for and moved in a controlled manner, regardless of whether they were for storage or destruction, and in whatever form they existed,” Keenan Bengts wrote.


Why the CDs ended up at the dump instead of being securely destroyed remains unclear, she said. Theories include that they were directed to the wrong “disposal stream,” hidden in furniture, or misidentified as biomedical waste.

While the project manager overseeing decommissioning of the old hospital building believed waste would be taken to the back of the dump and buried away from public access, contracted movers said their path to that area of the dump was blocked.

The CDs were not the only item left in the construction waste area. Also dumped there were unused needles, a lead apron, binders, manuals, and furniture from the old hospital. 

Keenan Bengts said it’s unclear what, if any, instructions were given to the movers about where and how they should dispose of items at the dump. They were not trained to handle private documents.

The commissioner pointed out that the NWT’s health authority broke its own rules in that regard, which require that all employees – even contractors and volunteers – complete privacy training. She said had the movers received “even a 25-minute crash course” on privacy and what to look out for, the CDs may not have been dumped. 

Another problem, the report states, is that the Department of Infrastructure had taken over management of the old hospital to oversee decommissioning of the building. One witness stated the department did not give health authority staff enough time to ensure the building was thoroughly emptied before they changed the locks on the doors.

Keenan Bengts said she was “alarmed” to learn the department was “not particularly helpful” during an initial investigation into the privacy breach launched by the health authority.

Warning signs ignored

Many warning signs that a privacy breach was likely to occur went unheeded, Keenan Bengts said.

During a final sweep of the old hospital building in May 2019, managers and supervisors uncovered hundreds of CDs, old blueprints, audio tapes, triage records, dictation tapes, and dietary records containing private information that should have already been removed. The medical clinic in particular was described as being “not in good shape.” 

Then, in July, workers hauling garbage from the site found papers, dozens of CDs scattered on the floor, and a blank prescription pad.

“It is concerning just how many records were left behind and, as a consequence, the number of people made privy to that information who were not involved in those patients’ healthcare,” Keenan Bengts wrote. “I expect other records may have unwittingly made their way into these grey wheeled carts and been sent to the dump.”

Even after the CDs were discovered at the dump, health authority staff found information identified as being “sensitive to the organization” at the old hospital.

The dump discovery was not the only privacy breach associated with the hospital move. Another incident occurred when a filing cabinet from the old hospital taken to the Department of Justice for reuse was found to still contain confidential items, including a staff leave sheet and an employee sick note. 

While many parties were involved in closing down the old hospital, Keenan Bengts concluded responsibility for the privacy breach ultimately lies with the chief executive of the health and social services authority, who “failed to provide adequate leadership” regarding record management. 

Even prior to the move, Keenan Bengts said, the investigation showed record management “was not a high priority” for the health authority and staff were not properly trained to handle sensitive records, even in everyday use. 

“This is hugely concerning,” Keenan Bengts wrote, describing the issue as years-long. “Privacy is not an ‘add-on.’ It is an integral part of health service provision.” 

Incident similar to Fort Simpson case in 2018

Keenan Bengts said it was “disappointing” that the Yellowknife incident occurred mere months after a similar case in Fort Simpson, after which she had issued a stern warning to health officials that the territory was “ripe for a similar breach to occur.”

In December 2018, a resident told the CBC he had found documents containing patients’ mental health information at the Fort Simpson dump.

While Keenan Bengts said exactly how the documents came into the individual’s possession could not be confirmed, the incident highlighted problems with record management. At the time, she called for a full and urgent review of how documents are stored across the NWT.

“The point is that something very similar had just happened less than a year earlier and one would hope that NTHSSA would be on high alert and have put measures in place to prevent a similar event,” Keenan Bengts wrote of the Yellowknife incident.

The commissioner proposed 27 recommendations following the Yellowknife breach, which the health authority accepted in late May 2020. They included better supervision of item disposal, the hiring of more record management staff, a switch from paper to electronic records, and discouraging the use of CDs.

The NWT’s health authority and Department of Infrastructure have been approached for comment.