The State Organization Index provides an alphabetical listing of government organizations, including commissions, departments, and bureaus.
Top-requested sites to log in to services provided by the state
Tewksbury Hospital has become aware of an incident that may have compromised the security of some patients’ protected health information. While Tewksbury Hospital has discovered no indication that any patient information was actually misused, this notice contains details about the incident and our response to it. This notice also contains important information about steps people can take to protect their information.
In April of this year, a former patient expressed concern that someone may have accessed their electronic medical record inappropriately. A review conducted in response to this complaint revealed that one hospital employee appeared to have accessed the former patient’s records without a good reason to do so. This discovery led to a broader review of the employee’s use of the electronic medical records system at Tewksbury Hospital. As a result of this review, we were able to determine that the employee appeared to have inappropriately accessed the records of a number of current and former Tewksbury Hospital patients.
Individuals who may be affected include people who were patients at Tewksbury Hospital from 2003 through May 2017. We have provided written notice to affected patients for whom the hospital has current contact information. We are also posting this substitute notice in a good faith attempt to notify affected individuals for whom we have insufficient or out-of-date contact information that precludes written notification, or to whom we are otherwise not able to provide written notice.
The information that was inappropriately viewed included names, addresses, phone numbers, dates of birth, gender, diagnoses, or other information about medical treatment at Tewksbury Hospital. For some individuals, it may also have included a social security number.
The individual responsible for this incident is no longer employed by Tewksbury Hospital and no longer has access to the Tewksbury Hospital electronic medical records system. This incident has been reported to the Massachusetts Attorney General’s Office, the Massachusetts Office for Consumer Affairs and Business Regulation, and the U.S. Department of Health and Human Services Office for Civil Rights.
To reduce the chance of future incidents like this occurring, we are reviewing our policies regarding access to the electronic medical records system. We are also reassessing how we review our workforce members’ use of the electronic medical records system, and we will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.
There are some things individuals can do if they are concerned about the potential misuse of personal information. Individuals may wish to contact one or more of the three major consumer reporting agencies to take the following steps:
Learn more about your rights under Massachusetts law and contact information for consumer reporting agencies.
Tewksbury Hospital takes patients’ privacy seriously and has been working diligently to investigate this incident. If you have any questions regarding this notice, please call one of these toll free numbers between 9 a.m. and 5 p.m. Monday-Friday.