- Special Sections
Local law enforcement has opened an investigation into the theft of medical records from Northern Inyo Hospital in a case that has shaken community members and NIH itself.
This past summer, hospital officials noticed that an employee in the records department had illegally obtained and was in possession of a patientâ€™s medical file. Hospital Administrator John Halfen said Thursday that the employee, Cherie LaBraque, was fired within hours of the discovery, but the ramifications of the theft are far-reaching.
The patient whose records were stolen, Tami Matteson, addressed the Northern Inyo Hospital Board in open session Wednesday evening, testifying that the breach in confidentiality has shaken her faith in the local healthcare system and she may have to move out of the community.
â€śMy entire medical record was reviewed â€“ possibly copied and disseminated and discussed with who knows who all â€¦ and held by a Northern Inyo Hospital employee,â€ť Matteson said.
Inyo County District Attorney Tom Hardy said Friday morning that his office is aware of the matter and is conducting its own investigation. Due to the ongoing investigation, Hardy said he could not comment on the specifics of the case, but he did point out that the illegal or unauthorized access of private medical files could be a violation of the Health Insurance Portability and Accountability Act.
In general, Hardy said, â€śHIPPA is one of those very complicated lawsâ€ť that could result in civil or criminal charges, or both.
Matteson has said that her medical files were used in an attempt to document that she is an unfit mother while she was engaged in a bitter custody battle with her ex-husband, who is now married to LaBraque.
â€śThis has put me through horrible things. Itâ€™s embarrassing and horrifying,â€ť Matteson said. â€śShe went into other peopleâ€™s records too. I will never know what she did withâ€ť the records or who she showed them to.
According to Halfen, an investigation conducted by the hospital revealed that LaBraque had accessed Mattesonâ€™s file a total of 14 times. The first 13 breaches occurred over a two-day period in 2010. â€śAt that time, she did write letters to the court during the custody battle,â€ť Matteson said.
In early August of this year, LaBraqueâ€™s supervisor, Kelli Huntsinger, noticed a hard copy of Mattesonâ€™s records on LaBraqueâ€™s desk. Halfen said Huntsinger was aware of the personal dispute between the employee and the patient, and immediately questioned LaBraque as to why she would have that file.
Halfen explained that LaBraque was fired within hours of Huntsinger discovering that she was in possession of files that she had no legal business to have.
â€śWe were able to determine that a breach did take place,â€ť Halfen said, adding that the Hospital Board has determined that NIH as an organization is not at fault, as LaBraque received the necessary HIPPA training and was aware of procedures and protocols that are set forth to protect patientsâ€™ rights.
â€śWhat happened is, we had a corporately trained and trusted employee (in the hospital records department) who took advantage of that trust and accessed protected health information,â€ť Halfen said.
He added that LaBraque was required to complete three â€śMediConâ€ť courses and pass a three-part exam every year to ensure that she was up to speed on HIPPA and patient confidentiality laws. â€śEvery employee is aware of their responsibilities and the hospital can only do so much in the case of a rogue employee,â€ť Halfen said.
The hospital board offered Matteson a settlement on her claim in closed session at Wednesdayâ€™s meeting. However, Matteson was not permitted to address the board during its closed session meeting, due to Brown Act laws.
Halfen said that Matteson did not specify a dollar amount to settle her claim against the hospital, but the board â€śdidnâ€™t think it was right to do nothing.â€ť
NIH has reported the breach and Mattesonâ€™s claim to the Centers for Medicare and Medicaid Services, the federal agency that administers Medicare, Medicaid and the State Childrenâ€™s Health Insurance Program. That agency has the ability to open its own investigation into the breach and, if it finds the hospital is at fault, can fine NIH.
Halfen said that, as of Thursday, the CMS had not taken steps to reprimand the hospital. â€śThey are typically understanding of individual casesâ€ť and it isnâ€™t likely that the hospital will face fines, Halfen said.
According to Halfen, hospital officials have taken the breach seriously. â€śWeâ€™ve already had a session or two of counseling for the folks in that departmentâ€ť to ensure that there is no question that the staff has been properly trained. â€śIf anything, there is probably going to be a little over-reaction to this in that department. Which is OK.â€ť
Halfen added that one other resident, Lauren Nitschke, a friend of Mattesonâ€™s, had her medical records unlawfully accessed by LaBraque.
â€śThis information has been very upsetting,â€ť Nitschke said Thursday, adding that she and her husband â€śboth feel extremely violated and have a number of serious concerns regarding our privacy and future healthcare.â€ť
Halfen stressed that the breaches of confidentiality were the work of one â€śrogue employeeâ€ť who has been terminated.
â€śThe hospital has 400 employees. This breach took place in 2010. We have had 600-700 employees since that time. This was one employee. That doesnâ€™t equate to a systematic problem at the hospital,â€ť Halfen said. He added that it was proper oversight on the part of the Records Department manager that caught the breach in the first place.
â€śItâ€™s important that the community trust the hospital,â€ť Halfen said. â€śThatâ€™s why we have these HIPPA laws. We have a computer system that tells us who got into what files, the time and date and what they did. If anyone feels their medical files may have been accessed, we can check. The only thing is, we need to know to look.â€ť
Halfen said anyone who is concerned about their medical files is encouraged to contact the NIH Records Department. Staff there has the ability to find out if their files were also illegally accessed.