- The Centers for Medicare and Medicaid Services (CMS) issued a regulatory citation to North Country Hospital in Newport, Vermont after two unauthorized employees accessed confidential medical records, according to a report from WCAX.com. The incident was discovered during an unannounced CMS visit in the fall.
Prior to the incident, hospital employees worked on an honor system: upon hire they promise to follow confidentiality policies, and the hospital trusts that their employees will uphold this promise. Now the hospital is using an audit system to monitor patient record compliance and prevent future data breaches. The system is expected to be running by February 15. It is not known if the records viewed were paper or electronic.
While the hospital’s Medicare and Medicaid programs are not affected by the incident, it is unclear if there was any disciplinary action taken against the two employees.
This is not the first patient privacy incident to involve North Country Hospital. In October, former IT employee Christian Cornelius claimed a broken laptop he was repairing contained protected health information (PHI) for 3,000 patients, but the hospital would not return his calls. The hospital claims that Cornelius refused to return the unencrypted laptop.