EHR snooping leads to criminal HIPAA violation charges in New York

Huntington Hospital in Long Island sent notifications to 13,000 patients after a night-shift employee was found to have accessed electronic health record information in violation of hospital policies. The employee was terminated and charged with a criminal HIPAA violation. The hospital discovered the unauthorized access between October 2018 and February 2019 but only announced it in November 2021 due to an ongoing investigation. The hospital stated that there is no evidence of access to sensitive payment-related information but may have included demographic and clinical information. The hospital is offering complimentary identity theft protection services and has enhanced its access controls and staff training. Employee snooping remains a concern in the healthcare sector.