The Everett Clinic’s decision to fire 13 employees who allegedly violated the company’s patient privacy policy is an instructive chapter as the health-care system makes a necessary move to electronic medical records.
Kathleen Crossler, a registered nurse who was fired, said she had accessed her husband’s record at his written request so she could advise him regarding some test results. She is appealing her dismissal. Another nurse said she quit her job at The Everett Clinic in protest of how her fellow employees were treated.
Some, perhaps most, of the fired employees may have had no malicious intent. Crossler certainly appears to have had none.
But that’s not the point. This is about maintaining meaningful, enforceable privacy policies. Confidentiality is a central tenet of medical practice, even when it comes to family members. In the United States, HIPAA laws mandate it.
The now-widespread use of electronic medical records, which improve care and lower costs by enhancing communication between a patient’s care team, have naturally raised concerns that patient data can be accessed by workers who aren’t directly involved in that care. For the system to work, the rules against improper access must be clear, and enforcement certain. Violations must be dealt with swiftly and seriously.
At The Everett Clinic, there appears to be no lack of clarity. Employees are required to sign a confidentiality agreement that specifically prohibits looking at unauthorized files, even if a family member asks them to check their information. In such cases, the relative is to be referred to their doctor’s office.
Each time employees sign on to The Everett Clinic’s medical records system, they’re reminded of the policy: “As a user,” the message reads, “it is your responsibility to access only the records required to perform your job duties.”
The clinic went a step further. A new computer system installed in December monitors the opening of patient records, and checks addresses against that of the employee opening the file — specifically guarding against the unauthorized reading of family members’ or neighbors’ records.
Crossler admits she broke the rules, but thinks the punishment was too harsh. We believe The Everett Clinic had no choice. Any less of a response would signal tolerance for such violations — an unacceptable message to employees and patients alike.
Electronic medical records are an important tool for bending health-care costs downward. Trust in their confidentiality is essential. With a spotlight shining, The Everett Clinic had to make clear it understands that by acting forcefully.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.
