An Ellis Hospital employee fired in 2009 after having been found to have inappropriately accessed a patient’s records in violation of privacy rules has lost her bid to get her job back after a judge’s ruling.
The woman, Jennifer Zelezniak, was among five Ellis employees fired that August after a large investigation into more than three dozen employees suspected of violating federal patient privacy rules by accessing the records of a particular patient — a hospital employee.
Zelezniak, who was an associate nurse manager in the hospital’s emergency department, filed suit in December 2009, claiming she was illegally fired. She said she accessed the records while conducting an investigation into the patient’s care, which was a part of her job description, and was fired in retaliation for questioning possible inadequate patient care.
The hospital, though, countered that there was never any documented issue with the patient’s care and that Zelezniak’s accessing of the records was wholly inappropriate.
Attorneys for the hospital also outlined the overall investigation into the patient privacy breach, from how it was first discovered to the final conclusion that left five employees terminated and 10 others suspended. One employee resigned, while at least eight, whose infractions were deemed lesser, were given warnings.
At least 11 of the 38 investigated were later cleared, according to paperwork filed in the case.
Zelezniak’s termination was supported by the number of times she was found to have accessed the records and a history that included a prior warning over a cellphone photo she was found to have taken.
The photo was discovered after the hospital received an anonymous tip in June 2008. The photo depicted an amputated foot and Zelezniak was found by the hospital to have shown the picture to at least one other employee. Zelezniak was “counseled that this behavior would not be tolerated.”
The hospital made its arguments in papers asking state Supreme Court Justice Vincent J. Reilly Jr. to dismiss the case outright. In a decision filed in state Supreme Court in Schenectady County on July 27, he did just that, throwing out the case.
Reilly noted that Zelezniak claimed she was terminated in retaliation for a statement she made to a supervisor that the emergency room staff “may have really screwed up” the care of the patient.
However, the judge found that, even if Zelezniak said that as described, it wasn’t specific enough to make a claim of retaliation under labor law.
“Plaintiff has failed to offer any evidence that prior to her termination she ever communicated to [Ellis Hospital] with any particularity that she objected to, refused to participate in, or would disclose some specific conduct by defendant that violated the law or otherwise constituted improper quality of patient care,” Reilly wrote.
“In fact, plaintiff explicitly testified at her deposition that she was not aware of any law or regulation that defendant may have violated in rendering patient care.”
Zelezniak is represented by the firm Gleason, Dunn, Walsh & O’Shea of Albany. The attorney handling her case could not be reached for comment for this story. The hospital is represented by Bond, Schoeneck & King of Albany. The hospital’s attorney did not return a call for comment.
In a statement issued Tuesday by hospital spokeswoman Donna Evans, the hospital said the dismissal speaks for itself.
Regarding the underlying investigation, hospital attorney Michael Billok, of the Bond firm, said it began in early August 2009 when another nurse manager overheard a request for a patient record that sounded suspicious.
When the nurse manager looked into it further, she found the patient was not on the nurse’s unit and therefore the nurse had no legitimate purpose to access the information. The nurse manager reported that to the director of nursing and an investigation into a possible breach of the Health Insurance Portability and Accountability Act was launched.
In his filing, Billok noted that employees receive annual HIPAA training that stresses that, even if an employee’s neighbor is admitted to the hospital, privacy rules prohibit the employee from accessing the information if it is not needed to do their job.
Electronic access to the records is monitored. An initial list of those accessing the patient’s records in this case numbered approximately 50. After those who directly provided the patient care were eliminated, the number of employees suspected still stood at 38.
“A few” of those were also eliminated after managers reviewed the list. Those who couldn’t be cleared were interviewed. A spreadsheet included in a plaintiff filing shows at least 11 of the 38 were cleared.
The targeted patient was also informed of the investigation. The patient, the attorney wrote, “expressed anger upon learning that other employees may have inappropriately accessed” his information.
Zelezniak was among the 38 investigated, having been logged as accessing the information six times that July.
When interviewed, she claimed to be conducting an investigation into a possible complaint, though none had been formally filed. She also could not point to any documents she created as part of her claimed investigation, the hospital’s attorney wrote, nor did she reference her claimed comment that the patient’s care may have been “screwed up.”
Had an actual investigation been done, the hospital attorney argued, some documentation would have been created.
The hospital’s overall approach to the breach was to place the employees found to have inappropriately accessed the information into three categories, based on their history, whether they told the truth and how many times they accessed the records.
The results were included in a letter to employees from hospital President and CEO Jim Connolly. The letter noted that, in all, five employees were terminated, one resigned and 10 others were suspended.
Zelezniak, listed with an Amsterdam address, remains a registered nurse listed in state records, registered through 2014.
In the statement issued Tuesday by Ellis, officials noted that the hospital responded quickly to the incident and took appropriate action.
“It is important to note that the violation was not due to the integrity of the hospital’s systems — it was due to the integrity of the people who use them,” the statement read.
Safeguards are built into the system to ensure that privacy, officials said in the statement. Staff is educated on an ongoing basis.
“Ellis Medicine,” the statement read, “has zero tolerance for unauthorized access of a patient record. Our patients’ right to privacy is of utmost importance. We take that responsibility very seriously and are committed to ensuring that each patient’s medical record is protected and information about their care is kept private.”
Categories: Uncategorized
