SAMARITAN LETTERHEAD

March 6, 2013

Name
Address
City, State

Dear _____:

As part of our commitment to patient privacy we are sending this letter to notify you that information relating to medical care you have received at Samaritan Hospital may have been accessed improperly by one or more employees of the Rensselaer County Jail.

Samaritan Hospital has historically provided the Rensselaer County Jail nursing staff with access to the hospital’s electronic medical record system for the purpose of coordinating medical care of inmates the nurses are responsible for treating. Prior to being granted access to the hospital’s computer system, all users (including the supervising nurse at the County Jail) agree, in writing, that they will access patient records only for authorized purposes, and not for any purpose not permitted under applicable privacy laws and hospital policies.

In November 2011, we were notified that health information relating to a patient of Samaritan Hospital may have been accessed for an improper purpose by an employee of the Rensselaer County Jail. We immediately investigated this incident and confirmed that access was indeed inappropriate. In the course of this investigation we discovered that the account assigned to ___________________, the supervising nurse, had been used to access records of other hospital patients in a potentially improper manner. The person accessing these records could have been ________________, or possibly another person with knowledge of the password for ____________________’s account.

Samaritan Hospital took immediate action to deactivate the user account, and notified the Rensselaer County Sheriff’s Office of this matter. The Sheriff’s Office opened an investigation, which remains ongoing today. Samaritan Hospital has supported and cooperated with the Sheriff’s investigation. To avoid impeding a pending investigation of a potentially criminal nature, the Sheriff’s Office requested that Samaritan Hospital delay notifying individuals whose medical records may have been accessed improperly.
Samaritan Hospital is required by federal and state laws to comply with such requests from law enforcement officials, and has done so.

The investigation has now reached the point where the Sheriff’s Office has authorized Samaritan Hospital to notify you that some of your personal health information contained in Samaritan Hospital’s electronic medical record system, including demographic information (e.g. name, address and Social Security Number), medical diagnoses, clinical laboratory results, diagnostic imaging reports, emergency department records, and medication administration, was accessed prior to November 16, 2011, by ______________________ or possibly other persons then employed at the Rensselaer County Jail. Enclosed with this letter is a record that shows who accessed your electronic medical record, when that access occurred, and the duration of the access.

We take patient privacy very seriously, and enforce the policies and procedures we have adopted to safeguard the confidentiality of our patients’ personal information. As soon as we had reason to believe that patient records were accessed without a valid reason, the user account involved was deactivated to protect your privacy, and the privacy of all other Samaritan Hospital patients. We remain confident that appropriate action will be taken by the Sheriff’s Office against any individual who is found to be responsible for accessing your medical records in an unlawful or unprofessional manner.

In order to provide you with peace of mind, we are offering to purchase credit monitoring for you for a period of one year, from a reputable provider of credit monitoring services of our choosing. If you wish to take advantage of this offer, please advise our patient representative, Carol Favreau, at the telephone number below.

We sincerely apologize for the inconvenience and concern this incident causes you. Although this matter is the result of poor judgment exercised by one or more professionals entrusted to comply with applicable privacy laws and standards of ethical conduct, I can assure you that Samaritan Hospital will take all appropriate measures to continuously fortify its privacy safeguards for you and all other patients.

If you have any questions or concerns, or would like the credit monitoring offered above, please contact Carol Favreau at (518) 271-3336.

Sincerely,

Robert N. Swidler
Privacy Officer
St. Peter’s Health Partners



