Former Northwell hospital employee charged with HIPAA violation for snooping 13,000 patient EHRs

Huntington (N.Y.) Hospital, part of New Hyde Park, N.Y.-based Northwell Health, began notifying about 13,000 patients that their protected health information was improperly accessed by a former employee, the hospital said in a Nov. 24 online notice. 

The hospital determined that a night-shift employee inappropriately accessed patient information between October 2018 and February 2019. The employee was immediately suspended and later terminated.

Huntington Hospital worked with law enforcement on the incident investigation, which "included following instructions to delay notifying any patients who were potentially impacted by this incident through November 2021," according to the hospital's online notice.

The former employee is being charged with a criminal HIPAA violation as a result of the investigation, the hospital said. 

Patient information that may have been exposed by the incident included names, birth dates, addresses and medical record numbers. No Social Security numbers, insurance information, credit card numbers or other payment-related information was accessed.

Huntington Hospital is offering all patients affected by the incident one year of free identity theft protection services. The hospital has also strengthened its access controls and provided targeted re-training of staff on patient confidentiality practices. 

 

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars