Former Employee Inappropriately Accessed CRMC Patient Health Records - Cheyenne Regional Medical Center
Former Employee Inappropriately Accessed CRMC Patient Health Records
July 6, 2022
Cheyenne, WY—Cheyenne Regional Medical Center officials announced today that a former employee inappropriately accessed several patients’ personal health records between August 31, 2020, and May 26, 2022.
“Although certain employees have access to most patient records, there may be instances where an employee would view patient records that do not fall within the scope of that individual’s duties,” CRMC Compliance and Privacy Officer Gladys Ayokosok said. “Such unauthorized access by an employee was reported to the hospital’s Compliance Office on May 26, 2022, and an investigation was immediately launched to determine the extent of the access.”
The internal investigation discovered that some patients’ electronic medical records may have been viewed, but there was no evidence of actual or attempted misuse of patients’ medical information, or that any of the information was retained by the employee.
Further investigation confirmed that, although the employee properly had access to CRMC’s electronic health records system, the employee’s viewing of certain medical records was outside the scope of the individual’s job duties, and access was immediately terminated.
The unauthorized access included one or more of the following types of information: name, date of birth, Social Security number, dates of service, medical record number, medical information, diagnosis and treatment information.
The incident was addressed in accordance with CRMC disciplinary policies, and the employee no longer works for CRMC.
As a precaution, CMRC is mailing notification letters to affected individuals, Ayokosok said.
CRMC policies and procedures require that patient information be stored securely in the hospital’s electronic health records system.
Most patient records can be accessed by staff and providers for necessary consultations, continuum of care and certain administrative purposes. All access must be made securely in accordance with CRMC policies and procedures.
“We want our patients and community to know that their personal health information, as well as their privacy, are very important to us, and we are constantly working to strengthen our operational procedures,” Ayokosok said. “We sincerely regret any inconvenience or concern this incident has caused and are committed to working with any individuals who may have questions or concerns.”
CRMC has established an assistance line at (307) 633-7526 to ensure questions are answered in a timely manner.
Affected individuals have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights by calling (800) 368-1019.
Additional information regarding this incident has been posted on CRMC’s website at cheyenneregional.org.
July 6, 2022
Cheyenne, WY—Cheyenne Regional Medical Center officials announced today that a former employee inappropriately accessed several patients’ personal health records between August 31, 2020, and May 26, 2022.
“Although certain employees have access to most patient records, there may be instances where an employee would view patient records that do not fall within the scope of that individual’s duties,” CRMC Compliance and Privacy Officer Gladys Ayokosok said. “Such unauthorized access by an employee was reported to the hospital’s Compliance Office on May 26, 2022, and an investigation was immediately launched to determine the extent of the access.”
The internal investigation discovered that some patients’ electronic medical records may have been viewed, but there was no evidence of actual or attempted misuse of patients’ medical information, or that any of the information was retained by the employee.
Further investigation confirmed that, although the employee properly had access to CRMC’s electronic health records system, the employee’s viewing of certain medical records was outside the scope of the individual’s job duties, and access was immediately terminated.
The unauthorized access included one or more of the following types of information: name, date of birth, Social Security number, dates of service, medical record number, medical information, diagnosis and treatment information.
The incident was addressed in accordance with CRMC disciplinary policies, and the employee no longer works for CRMC.
As a precaution, CMRC is mailing notification letters to affected individuals, Ayokosok said.
CRMC policies and procedures require that patient information be stored securely in the hospital’s electronic health records system.
Most patient records can be accessed by staff and providers for necessary consultations, continuum of care and certain administrative purposes. All access must be made securely in accordance with CRMC policies and procedures.
“We want our patients and community to know that their personal health information, as well as their privacy, are very important to us, and we are constantly working to strengthen our operational procedures,” Ayokosok said. “We sincerely regret any inconvenience or concern this incident has caused and are committed to working with any individuals who may have questions or concerns.”
CRMC has established an assistance line at (307) 633-7526 to ensure questions are answered in a timely manner.
Affected individuals have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights by calling (800) 368-1019.
Additional information regarding this incident has been posted on CRMC’s website at cheyenneregional.org.
