Sullivan County Democrat
Callicoon, New York
January 22, 2010 Issue
National Award-winning, Family-run Newspaper
Established 1891
news | sports | obituaries | archives | classifieds | subscribe | NEW! buy photos | contact | tv listings | lottery



John Conway's Weekly
Column in the Democrat

"The Wild Gardener"
Peter Loewer's Weekly
Column in the Democrat

"The Mouth That Roars"
Bill Liblick's Weekly
Column in the Democrat

"Sullivan EMS Scene Sizeup"
James Vooght's Biweekly
Column in the Democrat

Sullivan Renaissance

Sullivan County Chamber
Of Commerce & Industry

Sullivan County
Visitor's Association

Sullivan County
Government Center

Sullivan County
Partnership for
Economic Development

Please visit our
Community Links
section for other
Sullivan County

PLEASE NOTE: If you bookmark a particular link from the current news, sports or obituaries offered on our Website, be aware that the URL address will change once it is archived. Bookmarking an archived link is therefore the surest way to retain access to a particular article.


Jeanne Sager | Democrat

HOSPITAL CEO STEVE Ruwoldt said there was no "malicious intent" in an employee's privacy violations.

HIPPA violations found at CRMC

By Jeanne Sager
HARRIS — A nosy employee at Catskill Regional Medical Center is being blamed for a breach of the Health Insurance Portability and Accountability (HIPPA) Act of 1996 that put 431 personal medical files at risk.
The November termination of the CRMC employee was made public by the hospital this week as it closed the book on its investigation with letters sent to the patients whose confidentially was breached.
“She was nosy,” said hospital CEO Steven Ruwoldt.
The employee, a female who Ruwoldt declined to identify, has worked in various capacities in the hospital for a number of years.
Her last post was in medical records, which gave her access to the files – although not the authority to access those which she apparently viewed on a regular basis.
“It appears the access of these records were acquaintances of hers and people that she works with,” Ruwoldt explained. “These accesses were noted through routine internal audit of our system.”
Caught in November, the issues were brought to the employee who was interviewed by hospital administration. When she could not come up with a “cogent” reason for viewing the files, Ruwoldt said she was terminated.
The ensuing investigation covered three years of electronic medical records and was slow going as work had to be done manually to determine whether the employee’s access of each file was appropriate or violated both the federal HIPPA Act and the hospital’s confidentiality processes.
Ruwoldt said employees are forbidden from taking phone calls from family and friends who ask them to check into one of their files, and they’re even disciplined for checking into their own files.
When a request is made, a procedure is in place to contact the appropriate person on staff to open the files. Yearly education on the policy is mandated for all employees.
Audits of the electronic system then follow-up, allowing an auditor to determine what files have been accessed and by who, even how long the file was open.
“At times we can’t help what people will do, and it’s not something we sanction, but certainly we’ve got the safeguards in place that have caught this,” Ruwoldt said. “We have a zero tolerance policy for breaches of these actions.
“We believe this was purely something of curiosity and it did not represent anything of malicious intent,” he said.
There’s no evidence that the information was used maliciously, and police – though notified – have not charged the former employee with a crime.
“On the positive note on this, we have security systems here that in fact have worked,” he noted. “We are deeply sorry for any inconvenience this may have caused or concerns it causes any of the people that are involved, but we do want to emphasize our security system in fact did work.”
The hospital has upped the number of times per year the audits will be performed to better catch potential HIPPA violations. Ruwoldt said patients should still feel safe at CRMC.
“It’s simply the temptation – some people have those accesses and don’t even think about it,” Ruwoldt said. “I equate it to a person with a driver’s license. They have the authority to drive on the street; can we guarantee that they’re not going to speed?
“No, all we can do is police it to catch people if they do violate the laws,” he continued. “We do not condone these actions whatsoever, and we take them very seriously.
“We take every step that we can that their records are safe.”
Letters were mailed this week to all 431 patients whose files were affected.

Copyright © 1999-2006 Catskill-Delaware Publications.
The information you receive online from the Sullivan County Democrat Online Edition is protected by the copyright laws
of the United States. Please read our user agreement and our use information
privacy statement.
Internet Services provided by Time Warner, Site Design by Green Enterprises

Please be aware that once a new issue is posted on this site, the immediate previous issue's links change. Check our Archives section to obtain the new links for old issues.
top of page       top of page