Adam D. Krauss brings us the latest on the controversy over a breach at Wentworth-Douglass Hospital:
A state investigator says after reviewing additional information he still doesn’t think Wentworth-Douglass Hospital had to notify patients impacted by the privacy breach.
James Boffetti, who leads the Office of the Attorney General’s consumer protection and antitrust bureau, said the breach didn’t trigger the state’s notification law even though personal information was improperly viewed by an ex-employee.
“What we know is she, as an apparent act of retaliation against her former employers, tampered with certain fields of information,” including patients’ genders, addresses and where their reports should be sent, he said. But “there isn’t any indication that she misused the information.”
RSA 359-C: 20 says in the event of a breach those doing business in the state must determine whether personal information will be misused and mandates notification of those affected if misuse has occurred, is reasonably likely to occur or if a determination cannot be made.
Read more on Foster’s Daily Democrat.