Tewksbury Hospital fires employee after long-term snooping

Access to the records of about 1,100 patients is said to have taken place over 14 years.


An employee at Tewksbury Hospital in Massachusetts was found to be occasionally snooping in patients’ electronic medical records without clinical justification.



The inappropriate access of medical records occurred from 2003 until it was discovered this past spring. Now, the facility—one of four hospitals in the Massachusetts Department of Public Health serving complex chronically ill adult patients and psychiatric patients—has notified more than 1,100 affected individuals.

Tewksbury officials say they learned of the breach in April, when a former patient expressed concern that their medical record may have been inappropriately accessed. Compromised data included names, addresses, dates of birth, gender, diagnoses and medical treatments. Less than half of the records involved viewing of Social Security numbers, according to the hospital.

Also See: Beacon Health System reports breach from employee snooping

The state’s department of health said it has terminated the employee.

“To reduce the chance of future incidents like this occurring, we are reviewing our policies regarding access to the electronic medical records system,” Tewksbury executives noted in a statement. “We are also reassessing how we review our workforce members’ use of the electronic medical records system and will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.”

Tewksbury Hospital is advising affected individuals to notify credit reporting agencies, order a credit report and review it for signs of fraud, and request a security freeze to prevent the opening of new accounts using the compromised information.

In its notification to patients, Tewksbury is not offering credit monitoring or identity theft protection services. Currently, there is no indication that information has been accessed or misused, according to a spokesperson for the hospital.

The hospital declined to provide additional details about the incident, and did not comment on why the inappropriate access had gone undetected for 14 years.

More for you

Loading data for hdm_tax_topic #better-outcomes...