Attempts to hold an entity liable for the wrongdoing of an employee has produced mixed results in the courts. Here’s a case in Indiana like that, below. As seen on The Indiana Lawyer:
Justices last week granted transfer in the case of Community Health Network, Inc. v. Heather McKenzie, et al., 20S-CT-648. Heather McKenzie’s medical records and those of other patients were accessed by an employee who was subsequently placed on administrative leave and ultimately fired.
I’m not sure this incident ever showed up on this site before, but I will be checking into it some more. An earlier Indiana Lawyer article linked to in this report provides some of the background and context for the insider snooping case.