As part of an investigation into data breaches and alleged inappropriate contracting, the British Columbia health ministry gave a consulting firm a six-figure contract without requiring it to compete for that work.
Records released Jan. 8 show the ministry paid $684,309.67 to Deloitte & Touche LLP to advise on the ministry of health data breaches that came to public attention in Sept. 2012.
The records also include a notice of intent to give Deloitte a further $650,000 in work between May and Sept. 2013 without competing, but it is unclear from what was released whether that contract went ahead. A ministry spokesperson could not provide an answer by publication time.
The government originally gave Deloitte a $75,000 contract starting Sept. 6, 2012, but extended it to $150,000 on Oct. 22, 2012 and to $611,000 on Jan. 8, 2013. The records show the government paid just under that amount, plus more than $73,000 in sales tax.
'Unforseeable emergency'
The less than five-month contract was awarded and extended without allowing other firms to compete for the work because of "an unforeseeable emergency," according to paperwork from Sept. 12, 2012 justifying the original direct award.
"The contract is necessary in regards to an incident involving the potentially inappropriate sharing of Ministry data," the document said. "It is urgent that the Ministry understand and address the issues related to this incident and action remediation options identified to address any control weaknesses."
Then health minister Margaret MacDiarmid announced the privacy breaches in Sept. 2012, as well as concerns about contracting and conflicts of interest. MacDiarmid lost her seat in the May 2013 election and has been replaced by Terry Lake.
The government's investigation led to the termination of seven health ministry employees and a stop on research contracts. It has also sparked five lawsuits and a grievance process on behalf of three of the former employees, one of whom was found dead in Jan. 2013 of suicide.
Cleaning up the breach
The records released this week include a one-page description of what Deloitte would do for the government. The description included confirming the reviews objectives, reviewing ministry documentation, interviewing some 25 people from seven ministry divisions, developing a "system inventory and data flow model" and developing a detailed work plan.
The documents identified five Deloitte personnel who would work on the project.
In June 2013, the ministry released the 22-page Security enhancement roadmap that Deloitte produced.
At the same time B.C. Information and Privacy Commissioner Elizabeth Denham reported on the breach, saying the ministry lacked reasonable security to protect personally identifiable information from unauthorized access or disclosure.
A May 27, 2013 "notice of intent to contract" form says Deloitte LLP would be given a further $650,000 contract without having to compete. That contract would cover up until Sept. 30, 2013 and would be to help the ministry interpret, plan and implement the road map the firm produced.
In 2012, Deloitte & Touche LLP and Deloitte Management Services LP donated $3,000 to the BC Liberal Party. The former also gave $1,000 to the BC NDP that year.
Read more: Health, BC Politics
Tyee Commenting Guidelines
Comments that violate guidelines risk being deleted, and violations may result in a temporary or permanent user ban. Maintain the spirit of good conversation to stay in the discussion.
*Please note The Tyee is not a forum for spreading misinformation about COVID-19, denying its existence or minimizing its risk to public health.
Do:
Do not: