She used patient names and doctor names and DEA numbers to create fraudulent prescriptions for controlled substances. She filled the prescriptions without the patients’ or doctors’ knowledge, and kept the pills for personal use.
"Of more concern is what happened to the patients and doctors whose information was misused? Did creation of records have the potential to negatively impact patients and subscribers? Yes. Was anything done to remove the fake entries from their records?While keeping the pills for her own personal use is disturbing, the fact that Smith filled prescriptions without patient or doctor consent should be especially eye-opening for healthcare organizations.
I hope so." - PHIprivacy.net
This incident raises the question of what can be done to tighten up patient data privacy as it changes hands and data becomes more integrated, and therefore more valuable.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) www.justice.gov - US Attorney's Office, Western District Kentucky, 2/14/2013
(b) Walgreen's Pharmacist Data Breach Raises Questions - Health IT Security, 2/18/2013
(c) Former Pharmacist Sentenced to 25 months in Prison for Using Patients and Doctors Names to Create Fraudulent Prescriptions - PHIprivacy.net, 2/15/2013