Adam D. Krause remains all over this story:
A doctor impacted by the privacy breach at Wentworth-Douglass Hospital says a second employee improperly accessed and changed patients’ records but never lost her job.
“There was another woman that’s still working at the hospital,” said Dr. Cheryl Moore, whose Piscataqua Pathology Associates group was contracted to run pathology lab at WDH. “She did the same thing as the first lady, but to a lesser degree.”
Unlike the woman who lost her job, this employee escaped punishment because Gint Taoras, the lab director and a WDH employee, and Dalma Winkler, the hospital’s privacy officer, halted a full audit of what she had done, Moore claims.
“They reviewed a few cases just to see they were … looking at similar records,” Moore said Tuesday, but the hospital didn’t review more cases “because they didn’t want to know that they had more trouble.”
[…]
WDH spokeswoman Noreen Biehl confirmed Tuesday only one person lost their job as a result of the breach but didn’t immediately respond to the allegation of an “accomplice” or whether another employee was involved in some way.
[…]
In another development, a state investigator says he’s reviewing information he didn’t have when he determined Wentworth-Douglass Hospital didn’t have to notify patients whose records were improperly viewed or altered in a 13-month privacy breach, which involved about 1,800 unauthorized patient record views from May 2006 to June 2007.
Read more on Fosters.com
Okay, clearly this is a messy case, but it does highlight the concerns some privacy advocates (like myself) have about allowing an entity to determine whether there is a risk of harm standard met that warrants notifications, even when it comes to reports involved now-deceased patients. Tampering with medical records is cause for serious concern.