Tewksbury Hospital discovers 14-year-long data breach affecting 1.1k

Tewksbury (Mass.) Hospital, one of four hospitals operated by the Massachusetts Department of Public Health, discovered a former employee had inappropriately accessed  patients' protected health information for roughly 14 years.

In April, a former patient expressed concern someone may have inappropriately accessed their EMR. The hospital launched an initial investigation into the patient's allegation, which determined one hospital employee had seemingly accessed the former patient's records without reason to do so.

The finding sparked a broader review of the employee's use of its EMR. The probe revealed the employee had inappropriately viewed the PHI of nearly 1,100 patients treated at the hospital from 2003 to May 2017.

The employee responsible no longer works at Tewksbury or has access to its systems. The hospital has not discovered any indication patient information was misused.

The hospital says it is reviewing its EMR training programs and practices, including its workforce members' access to patient data. The hospital has also provided written notice to affected patients and reported the incident to the Massachusetts Attorney General's Office, Massachusetts Office of Consumer Affairs & Business Regulation and the HHS Office for Civil Rights.

Becker's has reached out to the Massachusetts Department of Public Health for comment. This story will be updated as more information becomes available.

More articles on health IT: 

Northwell Health teams up with Israel Innovation Authority to enhance patient care

Personalized medicine may help Sen. John McCain: A pathology expert weighs in

AI interprets genome sequencing in 10 minutes, study finds

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars