Phoenixville Hospital was just one of two reports this week involving employees behaving badly by accessing patient files without a legitimate purpose.
On July 6, Cheyenne Regional Medical Center in Wyoming revealed that a former employee had inappropriately accessed several patients’ personal health records between August 31, 2020, and May 26, 2022.
In this case, CRMC first learned about the problem because someone reported it to them. CRMC Compliance and Privacy Officer Gladys Ayokosok said that on May 26, 2022, CRMC received a report of inappropriate access and launched an immediate investigation. They do not indicate whether it was an employee or someone else who reported the concern.
The investigation confirmed access, but there was no evidence of misuse or that the data had been retained by the now former employee.
The unauthorized access included one or more of the following types of information: name, date of birth, Social Security number, dates of service, medical record number, medical information, diagnosis and treatment information.
As with Phoenixville, the employee’s employment was terminated.
CRMC’s statement can be found on their website.
Update: The incident was added to HHS’s breach site later today as impacting 1,652 patients.