DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update: AG reviewing WDH patient records breach

Posted on December 4, 2009 by Dissent

Adam D. Krauss reports:

Concern over Wentworth-Douglass Hospital’s handling of a broad privacy breach into patients’ records has widened with the Attorney General’s Office confirming it is reviewing what happened.

“It is something we’re looking into,” said James Boffetti, who leads the AG’s Consumer Protection & Antitrust Bureau.

Boffetti said he could not divulge specifics, but confirmed the bureau took over the case after a complaint was made to the agency’s Medicaid Fraud Unit.

He also said a relevant state law is RSA 359-C: 20, which requires notification of a security breach, something WDH representatives have acknowledged they did not do after learning of the breach, which lasted from May 2006 to June 2007. An audit wasn’t completed until May.

The hospital reviewed the law at hand but “determined that a report to the AG’s office or notification to the patients was not required by that law,” Noreen Biehl, vice president of community relations at WDH, said in a written response Thursday night. “That statute was not ignored; the hospital simply determined it did not apply to this situation.”

Read more on Fosters.com.

Category: Health Data

Post navigation

← Mental Health Social Network Launched
NH: AG reviewing WDH patient records breach →

3 thoughts on “Update: AG reviewing WDH patient records breach”

  1. Anonymous says:
    December 5, 2009 at 1:08 pm

    I am familiar with the details of this episode. It should be noted that besides the HIPAA violations involved, hundreds of pathology reports were altered in a variety of ways by the transcriptionist in an attempt to disrupt the dissemination and accuracy of these reports. Some of these alterations may constitute criminal tampering with the medical record. Depending on DOJ’s findings in their investigation of this breach, this may be one of the most significant cases of altering the EMR reported thus far. That it was accomplished by a transcriptionist with relatively little computer training on the software is certainly worrisome.

  2. Anonymous says:
    December 5, 2009 at 1:49 pm

    You raise a really scary point, TLM. And maybe as we listen to people present assurances about how EMR will be secured, we should raise this case as an example and ask what prevents one person or a few from totally destroying the accuracy of EMR that may be relied upon in life-threatening situations.

  3. Anonymous says:
    December 5, 2009 at 3:08 pm

    There are several issues to this particular case that are worth understanding. The transcriptionist’s unauthorized entry into the client side of the PowerPath software used in the lab, along with her data alteration on multiple cases in different fields in the system, went on for 13 months. This despite alarm bells being raised early on by lab personnel all the way to the top of hospital administration. A lab worker finally tracked down the culprit by following electronic changes made in the software, something the IT and Transcription departments were apparently unable to do. Typically, the hospital’s CEO sought to squelch any investigation into the breach.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.