By Sharon Salyer Herald Writer
Thirteen employees of The Everett Clinic have been fired for looking at patient medical records they weren’t authorized to see, in violation of federal law.
“That doctor-patient relationship is sacred,” said April Zepeda, The Everett Clinic’s spokeswoman. “That means other people can’t take a peek.”
The investigation into suspected violations of patient privacy is still under way, with the medical record viewing activities of 11 other employees still being checked, said Dr. Al Fisk, The Everett Clinic’s chief medical officer.
Overall, 55 patient records were electronically viewed by 43 employees. It’s still unclear how many of those ultimately may be found to have had legitimate reasons for looking at patient medical records and may be cleared of wrongdoing.
Letters are being sent out notifying the 55 patients whose medical records were illegally accessed. “People don’t have to worry; we’ll contact them,” Zepeda said.
Only employees directly involved in a patient’s care, or looking at medical records as part of their job duties, such as for scheduling appointments, can have access to patient records, Zepeda said.
The Everett Clinic is one of Snohomish County’s biggest health care organizations, with 295,000 patients and 2,050 employees.
The firings occurred over the past several weeks, Fisk said, after it was discovered that some employees violated the patient privacy policies.
“We’re really passionate about the protecting the medical record,” Fisk said.
There may be times when patients may want to disclose something to their physician that they may not want their spouse to know, he said.
“If a patient can’t talk to their provider honestly and unworried that someone else might look at that, then you can’t give the best possible care to that patient,” he said.
Fisk declined to say what type of jobs the 13 fired employees had, saying it was a personnel matter and they worked in a variety of roles.
No details were available on the reasons the 13 employees were looking at the medical records, such as whether they checking on a family member or friend.
The breaches of patient privacy were flagged by a new electronic monitoring system just installed in December. Employees were told of the new monitoring system, and reminded of the clinic’s privacy policies, Zepeda said.
The system shows how long the employee was in the medical record. “You can tell every single person who went into the record and every single thing they looked at,” Fisk said. “It’s easy to see if it’s inappropriate.”
In addition to protecting patient privacy, the monitoring system acts as a deterrent, Fisk said, so that employees who for whatever reason are curious about a patient’s medical record don’t access it unless they have an acceptable reason to do so.
“I think the curiosity drive is very strong in all of us,” he said.
Unauthorized access of medical records could result in serious penalties and fines for the organization, Zepeda said. Federal authorities rarely prosecute individuals for violations of privacy laws.
Breaches of patient privacy must be reported to the federal government, as well as what actions were taken in response to the violations.
This includes actions such as medical information sent to the wrong fax or the disclosure of medical information that has not been approved by the patient.
For example, in 2008, Providence Health &Services, the parent organization to Providence Regional Medical Center Everett, agreed to pay $100,000 to settle a case involving lost or stolen laptop computers containing the health information of more than 386,000 patients, according to the Department of Health and Human Services.
Earlier this month, Blue Cross Blue Shield of Tennessee agreed to pay a $1.5 million settlement after 57 computer hard drives with unencrypted information on 1 million patients were stolen.
Providence Regional Medical Center Everett and Swedish Health Services declined to discuss whether employees have been disciplined or fired over medical privacy issues, citing company employee policies.
A spokeswoman for Group Health said she did not have any information available on Tuesday on whether any disciplinary actions have occurred because of breaches of medical privacy.
Switching from bulky paper to electronic medical records is an increasingly common trend locally and nationally.
There are a lot of good reasons to use computerized medical records, including standardizing care, tracking medications “and knowing what a patient’s history is to help prevent errors and keep care safer and better,” said Cassie Sauer, spokeswoman for the Washington State Hospital Association.
Consumers may assume that because their health records can be viewed on a computer, it may be easier for people not involved with their care to take a peek than in the days when paper medical records were kept in folders.
Protections are built into electronic medical records to keep track of who’s read them, she said. For example, they can be designed so that the business office employees can see the necessary information to bill patients, but can’t see their medical history.
For these reasons, privacy may be more secure with electronic than paper records, she said.
Fisk said it’s regrettable that some employees lost their jobs over privacy issues. The workers can appeal their terminations to Rick Cooper, the clinic’s chief executive.
“The majority of people who work at The Everett Clinic are incredibly ethical and devoted to doing what’s best for patients,” Fisk said. “A few employees made serious mistakes. It think with this software, it will be less likely to happen in the future.”
Sharon Salyer: 425-339-3486 or salyer@heraldnet.com.
