Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

KMC workers disciplined for viewing records

Staff writer

Four workers at Kootenai Medical Center were disciplined recently for violating Shasta Groene’s privacy, after they viewed her medical records even though they weren’t part of her medical team.

The four were among 1,000 KMC employees with security passwords that allow them access to medical records that are now electronic, Tom Legel, KMC’s vice president for finances and information systems, said Wednesday. KMC began moving its paper patient files to computers 15 months ago and completed the job last September, Legel said.

Legel discovered the violations during a routine audit of medical records. To ensure patient privacy, the hospital audits the records of high-profile patients and celebrities. It also audits random records and at patients’ requests, he said.

An audit of Shasta’s medical records showed four names that raised questions. Shasta, 8, was taken to Kootenai Medical Center July 3 after she was found with Joseph Edward Duncan III, who allegedly murdered four members of her family, kidnapped Shasta and her brother, Dylan, and eluded authorities for 47 days. Shasta was released from the hospital July 8.

Legel said electronic medical records tell him who has accessed a file and when, how long that person studied the medical chart and which part he or she studied. Four names in the Groene file didn’t make sense, he said.

“We found no reason for them to be there,” Legel said.

The employees explained themselves to Legel and Joe Morris, hospital chief executive officer. Legel said concern for the patient was behind the records violations, so the workers were not fired. He wouldn’t elaborate on what the employees were concerned about or why.

“If they had spread the information, they would have been terminated,” he said. “None were terminated. They were dealt with appropriately.” He also wouldn’t elaborate what kind of disciplinary actions were taken.

Legel said he and Morris used the incidents to remind KMC’s 1,600 workers that patient privacy is a hospital priority.

“I feel terrible that a small number of employees violated patient trust,” he said. “We take that seriously, and we’re not shy about holding the staff responsible.”

KMC is one of 32 Inland Northwest hospitals using the electronic medical record system through Inland Northwest Health Services in Spokane. Before computer records, hospitals had no reliable way to keep prying eyes away from medical files and find out who was viewing records they had no business seeing.

Electronic records keep track of everyone who accesses them. Only KMC workers with secure passwords can log on to the records system.

“We believe it provides better security,” Legel said.

Laurie Lutz, KMC’s medical records director, said she’s disappointed employees violated the hospital’s privacy policies.

Legel said the hospital has had two other privacy violations since the records went online, and those employees also were disciplined.

Besides better security, electronic medical records enable doctors to access patient data away from the hospital. They also cut down on misplaced records. In the past, lost records of tests required patients to take tests again, which was inefficient and not cost-effective, Legel said.