Mitch Dudek reports:
A mother is suing Lurie Children’s Hospital and two former employees who allegedly accessed the medical records of her 3-year-old daughter, who underwent a sexual abuse examination at the hospital early last year.
The mother received a letter from the hospital in late December informing her a nursing assistant had been accessing her daughter’s medical records “without a work-related reason,” according to the lawsuit.
Read more on Chicago Sun-Times.
Earlier this week, DataBreaches.net had contacted Lurie to ask whether the incident recently reported to HHS was a snooping incident like the one reported in December or something different.
Based on this news report and the hospital’s statement on their website, this appears to be the same type of problem — employee wrongdoing (snooping in patient records), but different employees.
So how will OCR deal with the hospital after having two such long-term incidents? And what has Lurie done — other than firing one or more employees? How will they prevent snooping in the future? Are they going to deploy software to monitor and audit access? Are they implementing “break the glass” for some kinds of admissions or cases?