Fired Everett Clinic nurse defends actions

Kathleen Crossler’s career as a registered nurse at The Everett Clinic essentially ended the moment she opened an electronic medical file Feb. 22.

She said she was checking on her husband’s lab results — at his request.

Her husband, Phil Crossler, said he didn’t have any problem with her checking on the results. Not only had they talked about it, he said he signed a document saying he gave permission for his wife to be given information on his medical condition.

That form allows the named person to be given a verbal summary of medical information, but does not allow clinic employees to view those records.

“They said I had accessed my husband’s record, which I had, with his permission,” said Kathleen Crossler, who lives in Everett.

Crossler is one of 13 employees fired by The Everett Clinic for what the organization said were violations of its patient privacy policies. She was the only former employee reached by The Herald who agreed to be interviewed.

Everett Clinic employees are only allowed to read patient records as part of their job duties, according to clinic policy. They’re also required to sign a document each year that includes a prohibition on accessing the records of family and friends, unless it’s connected to their job.

Ironically, Kathleen Crossler’s husband had gotten information on his test results Feb. 20, two days before she opened the file through The Everett Clinic’s password-protected patient information system.

Neither knew the other had gotten word of the results until Kathleen Crossler got home the evening of Feb. 22, and she and her husband talked about them.

The test results were normal, but his doctor had recommended some follow-up. “He trusts me and wanted my opinion,” she said. The only reason she opened the file, she said, “was to answer a question I would answer for anybody else.”

About a week later, Kathleen Crossler said she was called into an office at work and confronted with evidence that she had accessed her husband’s file — and not just on Feb. 22. They said she had accessed her husband’s files in three other instances dating back to 2009.

She was fired the next day, on Feb. 28.

April Zepeda, a spokeswoman for The Everett Clinic, declined to comment on the circumstances surrounding the firing of any employee.

“Just like it’s important to protect patient privacy, we want to preserve the privacy of our current and former employees,” she said.

The Everett Clinic is one of Snohomish County’s largest health care organizations, with 295,000 patients and 2,050 employees.

The firings have rocked an organization that has attained a national reputation for innovation. It was included in a PBS documentary broadcast last month called “U.S. Health Care: The Good News.”

One employee, Mari-Ann Lauron, a nurse, said she quit her job Friday to protest how her fellow employees were treated.

“I can’t tell you how upset I am about this,” she said. “The punishment did not fit the crime.”

“No one thought they would be fired for looking at their child’s pertussis (test) results,” she said, referring to the circumstances that she said led to another employee’s firing.

In 2007, The Everett Clinic installed a computer program monitoring program that randomly checked on who opened electronic patient records.

A new system, installed in December, monitors every time a patient record is opened. In addition, it checks to see if a patient file opened by an employee has the same last name and address, or an address in close proximity to the employee — in essence, a way to protect against unwanted and unauthorized reading of family members’ or friends’ medical files.

Dr. Al Fisk, the clinic’s chief medical officer, explained why. There may be time when a patient may want to disclose something to their physician that they may not want their spouse to know, he said.

Overall, 43 employees viewed 55 patient records belonging to friends, family or acquaintances, Fisk said.

In addition to the 13 terminated employees, as of last week, the fate of 11 others was under review. Zepeda declined to provide updates on any of the cases that weren’t part of the original group of employee firings.

She did, however, provide a copy of the organization’s confidentiality agreement, which says the employee can’t look at files even if they’re asked by friends or family to check their medical information. Instead, the patient should be referred to their doctor’s office, it says.

And when employees sign in to the computerized medical records system, they are reminded again.

“As a user, it is your responsibility to access only the records required to perform your job duties,” it says.

The Friends and Family consent form “does not allow you, as a (The Everett Clinic) staff member, the right to access records of family or friends who may have you listed on their form.”

“All access is monitored,” it adds.

Breaches of patient privacy must be reported to the federal government, as well as what actions were taken in response to the violations.

Last week, Zepeda said that unauthorized access of medical records could result in serious penalties and fines for The Everett Clinic.

Federal authorities rarely prosecute individuals for violations of privacy laws.

Crossler said she doesn’t remember ever seeing the warning on her computer screen.

“I broke their policy,” she said. “I agree they have a right to fire me. I wish they had taken a less stringent approach.”

Crossler said she would have understood the decision to fire her if she had been looking at another patient’s medical record.

The Everett couple have been married for 47 years.

“If my husband were the type of guy who didn’t want me in his records, I wouldn’t be there,” she said. “But he did.”

Crossler, 65, has been a registered nurse since 1990. She had worked at The Everett Clinic for nearly five years.

Crossler said she plans to appeal her termination, which will be considered by Rick Cooper, the clinic’s chief executive.

“The thing that upsets me the worst is the inference that this was done unethically, maliciously or out of curiosity,” she said. “I was getting ready to retire, but I wasn’t thinking this is the way I would retire.”

Sharon Salyer: 425-339-3486 or salyer@heraldnet.com.

Privacy policies

When employees of The Everett Clinic sign into the electronic medical records system, they see this warning about clinic policy regarding confidentiality:

“Confidential records information stored in (this system) are protected by federal and state privacy laws. As a user, it is your responsibility to access only the records required to perform your job duties. A Friends and Family consent form does not allow you, as a TEC staff member, the right to access records of family or friends who may have you listed on their form.

ALL ACCESS IS MONITORED.”

Confidentiality agreement

This is an excerpt from a confidentiality agreement that each employee of The Everett Clinic must sign each year:

“I will not access the medical information of my family (including spouse and children), friends, or co-workers … If I receive requests for medical information from my friends or family members, I will not access or release this information and will refer them instead to their doctor’s office.”