DPH: Ex-hospital worker accessed patient data

July 22, 2017

Personal and medical information of more than 1,000 patients at the state-run Tewksbury Hospital, including Social Security numbers and diagnoses, were inappropriately accessed by a snooping former employee over the course of 14 years, according to the Department of Public Health.

“We don’t have any indication that she inappropriately used any of the information,” said Tom Lyons, a DPH spokesman “We take patient privacy very seriously and we are working very hard to make sure this doesn’t happen again.”

DPH said it is not aware of any criminal investigation.

The employee, described as a clerk, is no longer employed by the hospital, DPH said. Lyons declined to say if the woman was fired, but said the woman, who was not identified, was employed when the investigation began.

While she was employed by the state-run hospital, the woman’s job included accessing medical records. She improperly viewed at least 1,100 patient records, including names, dates of birth, phone numbers, Social Security numbers and sensitive medical information from 2003 to 2017.

Officials began investigating after a former patient complained in April. Lyons declined to comment on the nature of the complaint, or how the patient learned of the breach.

Security experts have long warned of the potential vulnerabilities for patients, citing the potential treasure trove of personal information included in medical records.

Tewksbury Hospital has made it harder to access Social Security numbers and is reviewing its protocols for accessing medical records.