In the federal indictment, the healthcare organization stated they believed the improper access occurred between October 11, 2011 and August 8, 2012; their internal investigation did not determine how the employee was able to access the information.
"The employee was being criminally charged for having improperly accessed the protected health information of an unspecified number of their patients. The data were allegedly provided to a third party who used the names, Social Security numbers, and dates of birth for tax refund fraud.." - PHIprivacy.netAs often happens, federal law enforcement was the first to uncover the data breach at this healthcare organization. Organizations that want to proactively detect breaches of protected health information can now utilize low-cost on-demand SaaS data analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) 21st Century Oncology employee stole patient information for tax refund fraud scheme – feds - 09/24/2013