For the second time in as many years, Littleton Regional Hospital has reported a problem with employee snooping. On June 29, the hospital’s Chief Administrator Officer notified the New Hampshire Attorney General’s Office that on May 21, a hospital employee reported that another employee was improperly accessing patient records. The hospital’s audit of their computer system confirmed that an employee had accessed patient records for purposes not related to their care. The unauthorized access of several patients’ records included their contact information, dates of birth, insurance information, physicians’ names, medical history and allergies, date, type, time, and nature of physician visits, and provider notes for the visit.
The employee’s motivation was not revealed in the notification letter, but the hospital stated that it believes that the information was neither misused nor disclosed to any third party. The employee was fired as a result of the incident.
In the earlier incident, the hospital had reported that based on a patient complaint, they had conducted an audit that revealed that the former employee had improperly accessed the patient’s records on three occasions in the previous year.
I do not know how often the hospital audits its logs for unauthorized access, but these types of cases underline the importance of frequent and regular audits.