The Montfort Hospital in Ottawa is dealing with a serious breach of privacy.

25,000 patients have received letters in the last several days, after a USB key containing personal health information was lost.

Ginette Dominique says she was shocked when she opened the letter from the Montfort Hospital this morning. It concerned her daughter, who had been a patient at the hospital in October. The letter explained that “an unsecured USB key containing some of your personal health information has been recently lost.”

The letter further explained that the lost information included patient names and what they had done at the hospital but that there were no OHIP numbers,details on diagnosis or personal banking information.

“This is my child's records, my child's information,” says Dominique. “What data is out there, how many people have had the same thing happen to them. I don't know what's going on.”

The Montfort admitted today that letters have gone out to 25-thousand patients, after an employee used an unencrypted USB to bring work home.  The employee lost the key along the way.

“This employee felt terrible and did the right thing by reporting it immediately,” says  Philippe  Marleau, the vice-president of Quality Performance at the Montfort Hospital. Marleau says the use of the personal USB was an exception to the rule.

“We had to work with this employee to reconstitute the contents of the key to figure out if it was in fact it did qualify as personal health information.”

Marleau says  the hospital has been in contact with the Office of the Information and Privacy Commissioner. “They had a lot of questions, asked for documentation. We've provided it all, they offered great advice and we've make improvements that we have in place.”

This is the second time in a  year that the Montfort has lost personal health information.  The first time involved a much smaller group of patients.  Outside the hospital today, visitors reacted to the news.

“As a private citizen, I think that's kind of careless of the authority,” says Kim Poirrier.  “As you know with the cyber system, high tech, identify theft is a great concern.”

“I think it's an invasion of privacy as well,” added Helen Mcelroy, “and I think more and more measures have to be taken to ensure patients privacy.”

The hospital says the biggest measure it has taken is that within the next two weeks, no one in the hospital will be able to download anything except with an encrypted key. 

Montfort says if patients have not received a letter by the end of the day Monday, then they have not been affected by this breach of privacy.