Wednesday, June 22, 2011

Prison for Insider Theft of Patient Data at Hospital

The ringleader of a fraud affecting more than 250 patients was sentenced to more than 14 years in prison and ordered to pay $631,000 in restitution.

One member of the gang was an emergency room employee at Holy Cross Hospital in Ft. Lauderdale who stole patients’ personal information from emergency room records. Another member worked for a doctor in Aventura and stole patient information from her employer.
The court held [the ringleader] responsible for a $419,000 loss incurred by Holy Cross Hospital due to the identity theft and a $212,000 loss incurred by J.P. Morgan Chase Bank.
The gang used the stolen patient information to gain on-line access to existing accounts and telephone banking services at J.P. Morgan Chase Bank and to make cash withdrawals and purchase money orders through ATM machines.

The hospital only became aware of the patient data privacy breach when the U.S. Attorney's Office and U.S. Postal Inspection Service contacted the hospital about a hospital employee who was the source of identity data.
Download a white paper on medical records privacy breach detection as a service. Learn how an on-demand, pay-per-use service can cost effectively address the HIPAA/HITECH privacy and security rules - with no hardware and no on-site software.
As for the other gang members - one was sentenced to 11 years in prison and ordered to pay $300,000 in restitution; a second was sentenced to two years in prison, a third was sentenced to 40 months in prison, and the forth will be sentenced on Aug. 15.

For more on this case see:
Ex-Hospital Employee Jailed for Patient Identity Theft
HIPAA Violation Indictments for 2 Medical Office Assistants

Sources:
(a) Holy Cross Hospital Identity Theft Ring Members Plead Guilty and are Sentenced - The United States Attorney's Office, Southern District of Florida, June 20, 2011


No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.