Adam D. Krause continues to follow allegations of a breach that may not actually be a breach involving Wentworth-Douglass Hospital:
The Office of the Attorney General has determined there is “insufficient evidence” to investigate a Wentworth-Douglass Hospital transcriptionist who was alleged to have improperly accessed records of hundreds of patients.
Jim Boffetti, who heads the AG’s Consumer Protection and Antitrust Bureau, said the employee accessed the records of 662 patients for a total of 900 times between June 2006 and December 2007 but “it looked like she was acting in the scope of her employment when she did this.”
Concord attorney Charles Grau, who is representing two former WDH pathologists, had asked Boffetti’s office to determine if the hospital had to report the employee’s access on the basis it constituted a privacy breach.
“Our conclusion was that we found there was insufficient basis to support a reasonable suspicion” there were violations of federal or state law requiring disclosure of a privacy breach, Boffetti said
Read more on Fosters.com
Part of what continues to fascinate me about this case is that it seems that a disgruntled employee (not the one referenced above) can access patient records within the scope of employment and alter them, but there’s no mandate to report it as a privacy breach because there is “no misuse of the information.” Personally, I think accessing and altering patient information to get revenge on your employer is a misuse of patient information, but that’s just my opinion.