Tewksbury (Mass.) Hospital, one of four hospitals operated by the Massachusetts Department of Public Health, discovered a former employee had inappropriately accessed patients' protected health information for roughly 14 years.
In April, a former patient expressed concern someone may have inappropriately accessed their EMR. The hospital launched an initial investigation into the patient's allegation, which determined one hospital employee had seemingly accessed the former patient's records without reason to do so.
The finding sparked a broader review of the employee's use of its EMR. The probe revealed the employee had inappropriately viewed the PHI of nearly 1,100 patients treated at the hospital from 2003 to May 2017.
The employee responsible no longer works at Tewksbury or has access to its systems. The hospital has not discovered any indication patient information was misused.
The hospital says it is reviewing its EMR training programs and practices, including its workforce members' access to patient data. The hospital has also provided written notice to affected patients and reported the incident to the Massachusetts Attorney General's Office, Massachusetts Office of Consumer Affairs & Business Regulation and the HHS Office for Civil Rights.
Becker's has reached out to the Massachusetts Department of Public Health for comment. This story will be updated as more information becomes available.
More articles on health IT:
Northwell Health teams up with Israel Innovation Authority to enhance patient care
Personalized medicine may help Sen. John McCain: A pathology expert weighs in