St. Joseph's Candler statement on patient privacy

From St. Jospeph's Candler:

December 16, 2010

Patient privacy is a critical part of the St. Joseph's/Candler mission. Our employees are consistently trained and retrained on our privacy policies and state and federal medical record laws. Any allegation of the misuse of patient records is given the utmost attention.

Yesterday St. Joseph's/Candler terminated three employees and disciplined five others for improperly accessing a patient image.

Our investigation indicated that those employees used a camera phone to take a picture of an x-ray. The picture was texted between those employees and posted to one employee's personal Facebook page. The image has been taken down.

No information identifying the name or other data of the patient was on the image.

In addition to the terminations, three co-workers were suspended for three days without pay and two received written warnings.

We take patient privacy very seriously. Although the actions by a handful of our co-workers do not represent the professionalism of our 3,500 employees, we recognize that we are in an age where personal and instantaneous technology challenges us to find new and better ways of protecting patient privacy. This is an issue every hospital in the country is trying to address.

Our patients put their trust in us and we will do everything in our power to prevent any break in that trust.  We encourage any individual to report anything they feel may be inappropriate. In this case, a co-worker stepping forward was the reason we initially discovered it.

How we train our employees on patient privacy:

• New Co-worker Orientation: A one-hour presentation by the Corporate Compliance Officer or the General Counsel/Privacy Officer.  Attendees are required to complete a quiz.

• New co-workers must sign a document stating violation of privacy policies is subject o discipline, up to and including termination, and that they agree to report any suspected violations.

• Changes in policies such as Code of Conduct and Confidentiality of Patient and Business Information are routinely updated and discussed at their monthly department meetings.

• Annual Compliance Training is required annually for all co-workers. This consists of an online course and test covering the Health Insurance Portability and Accountability Act of 1996 as well as some of the requirements of new federal laws, patient confidentiality and ethics.

• Annual Compliance Week – This occurs in May of each year, and, during that week, we have additional education to staff via e-mails, posters throughout the hospitals and cafeterias and contests.

• Articles in SJ/C publications "Compliance Corner" – such as monthly co-worker newsletter and quarterly newsletter for medical staff and the daily e-mail communication.

• In-person presentations made by SJ/C's Compliance Officer or Privacy Officer/General Counsel

• E-mails sent by CCO or General Counsel/Privacy Officer to all staff periodically to distribute appropriate information or to emphasize a compliance topic – i.e., Patient Confidentiality and the use of Social Media.

• Employees have numerous ways to anonymously report any violations.

Contact information for the general public:

If you suspect any incidents of inappropriate use or disclosure of a patient's personal health information, please contact St. Joseph's/Candler immediately:

  • SJ/C's General Counsel/Privacy Officer at #912-819-5293
  • Corporate Compliance Hotline: 912-819-LAWS (5297)
  • Corporate Compliance Officer at #912-819-5291
  • The "Contact Us" Link on SJ/C's Website:

Actions currently underway to improve patient privacy:

  • Safeguards from outside threats to patient privacy have been in place for a number of years.
  • Currently utilize audits to monitor individuals viewing patient information.
  • In the process of finishing installation and implementation of additional electronic auditing software that allows stronger random audits for all various medical record systems within the hospitals.
  • Currently reviewing all policies including policies regarding use of personal electronic equipment, use of system equipment, and social media policies to ensure the policies are appropriate, constructive, enforceable and provide guidance to employees regarding appropriate use of emerging technologies like cell phone cameras and social networking sites.
  • Currently reviewing all orientation and education for employees for improved guidance on issues raised in this investigation.
  • Continue our educational outreach on these issues to departments in the hospital.