Melissa Howell reports that North Country Hospital in Newport, VT has been embroiled in another privacy breach involving employees. The hospital was in the news in October after a former employee refused to return laptops containing patient information. The employee was subsequently charged with petty larceny and possession of stolen property, but I haven’t seen any further follow-up on the case. Now Howell reports that the hospital:
received a regulatory citation from the Center for Medicare and Medicaid after two unauthorized employees viewed confidential medical records. It was discovered last fall that the hospital was not conducting proper surveillance when CMS made an unannounced visit.
Read more on WCAX.
As part of their corrective action plan, the hospital will be implementing an automated random audit system of access to patient records. Until now, they had reportedly operated on an honor system, which, frankly, is just plain stupid: we’ve seen way too many snooping cases and insider breaches for tax refund fraud to rely on any kind of “honor” system. It’s unfortunate that it took a citation to make them address access controls and auditing, but hopefully, things will improve going forward.
I am the guy charged with larceny and possession of stolen property. I would love to tell my side of this story. Thanks.
Would love to hear it. Can you email me a statement for publication at admin[at]phiprivacy.net? And please give me a working email address to reply to if I have questions. Thanks!