CRMC Says Former Employee Inappropriately Accessed Records

Cheyenne Regional Medical Center says a former employee inappropriately accessed several patients’ personal health records between August 31, 2020, and May 26, 2022.

According to a news release, the unauthorized access included at least one of the following: name, date of birth, Social Security number, dates of service, medical record number, medical information, diagnosis, and treatment information.

People whose records may have been accessed are being sent notification letters and the hospital has set up an assistance line at (307) 633-7526 to answer questions.

According to the release:

“Although certain employees have access to most patient records, there may be instances where an employee would view patient records that do not fall within the scope of that individual’s duties,” CRMC Compliance and Privacy Officer Gladys Ayokosok said. “Such unauthorized access by an employee was reported to the hospital’s Compliance Office on May 26, 2022, and an investigation was immediately launched to determine the extent of the access.”

The release says the employee had access to the hospital’s health records system, but that the person went beyond that legitimate access.

CRMC says it doesn’t have evidence that any patient information was misused in any way or that the employee saved the information. The employee no longer works at the hospital.