As a follow-up to the coverage of a patient privacy breach involving Wentworth-Douglass Hospital (WDH), Adam D. Krauss of Foster’s Daily Democrat reports that a number of agencies are now piling on.
Concern over Wentworth-Douglass Hospital’s handling of a broad privacy breach into patients’ records has widened with the Attorney General’s Office confirming it is reviewing what happened.
“It is something we’re looking into,” said James Boffetti, who leads the AG’s Consumer Protection & Antitrust Bureau.
Boffetti said he could not divulge specifics, but confirmed the bureau took over the case after a complaint was made to the agency’s Medicaid Fraud Unit.
He also said a relevant state law is RSA 359-C: 20, which requires notification of a security breach, something WDH representatives have acknowledged they did not do after learning of the breach, which lasted from May 2006 to June 2007. An audit wasn’t completed until May.
The hospital reviewed the law at hand but “determined that a report to the AG’s office or notification to the patients was not required by that law,” Noreen Biehl, vice president of community relations at WDH, said in a written response Thursday night. “That statute was not ignored; the hospital simply determined it did not apply to this situation.”
In the event of a breach, the law requires “any person doing business in this state who owns or licenses computerized data that includes personal information” to “notify the affected individuals as soon as possible” as well as the AG’s Office.
[…]
The Boston regional office of Centers for Medicare and Medicaid Services is also looking into the matter along with the College of American Pathology. The Joint Commission, which accredits and certifies health care organizations, concluded the hospital satisfactorily addressed the issue. The doctors also brought their case to the Office of Civil Rights of the U.S. Department of Health and Human Services.
Read more on Fosters.com.