Hospital Forced To Provide EMR Data Access By Court

A New Hampshire hospital has been forced by the state’s Superior Court to provide public health officials with access to its EMR so they can further investigate a major hepatitis C outbreak.

Exeter Hospital had been ordered by the state’s Division of Public Health Services to release patient records, but had  challenged the order, arguing that it would be violating state and federal law if it provided free access to EMR records.

The issue dates back to July, when a lab technician formerly employed by the hospital was arrested in connection of a hep C outbreak affecting more than 30 patients. The lab tech, who has hep C, allegedly stole fentanyl-filled syringes from the hospital, injected the fentanyl, then refilled the dirty syringes with another substance.

The hospital sought guidance from the courts in an effort to learn just how much access it would have to provide without running afoul of HIPAA and state privacy laws.  (If I were running Exeter Hospital I certainly would have done the same thing; otherwise, one would think  it’d be wide-open liable to suits by patients who objected to the data sharing.)

Now, it seems, the hospital is satisfied that patients involved in the outbreak are adequately protected. From its official statement on the matter:

The Court pointed out that the State needs to follow very specific, CDC-sanctioned protocols in collecting data from Exeter Hospital’s electronic medical record system and can only obtain the minimum amount of information necessary to complete its investigation. The Court has also emphasized that the information collected by the State cannot be re-published which helps to protect the privacy of patients.

For both the patients’ and Exeter’s sake, let’s hope that the public health authorities involved handle such explosive data with extreme care.  A data breach at this point would not only have devastating consequences — particularly if the hepatitis C sufferers’ names were made public — it would also plunge all involved into a legal nightmare. For their sake, I’m hoping for the best.

About the author

Anne Zieger

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.


  • One would think (hey, I’m trying to be logical), that given that a big reason for EHR’s is to provide data for public health reasons. Of course, that doesn’t mean that MU includes viable rules on what to do when this sort of issue arises, and one wonders if this issue needs to be settled case by case, state by state, or if perhaps there should be Fed rules laying out the basics as to how situations like this are handled. Hmm – MU Stage 2 or 3?

  • R Troy,
    There is a growing concern by many doctors of “big brother” looking at all their data. They’re afraid (right or wrong) with what could be done to them with big brother watching over their shoulder.

Click here to post a comment