By Lance O. Leider, J.D., and George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law
On October 22, 2012, a former Florida Hospital employee admitted to stealing patient information that was used to target customers for lawyers and chiropractors, according to a number of sources. The man allegedly pleaded guilty in Orlando federal court to one count of conspiracy and one count of wrongful disclosure of health information, according to the Department of Justice (DOJ). By accessing this information the man violated criminal provisions of the Health Insurance Portability and Accountability Act (HIPAA).
To read a press release on the guilty plea from the DOJ, click here.
You may remember the news story about a privacy breach at Florida Hospital back in October 2011. The breach involved more than 700,000 patient records that were accessed by the ex-employee between 2009 and 2011. We previously wrote about that story. Click here to read the blog.
Patient Information was sold to Co-Conspirators.
Federal investigators said the ex-hospital worker was looking specifically for information on car accident victims. He would allegedly sell that information to co-conspirators.
According to the Federal Bureau of Investigation (FBI) affidavit, some patients would receive calls offering lawyer or chiropractor referrals about a week after their hospital visit.
The FBI also allegedly found payments from co-conspirators to the former hospital employee.
To read the FBI affidavit, click here.
Prison Time Being Faced by Ex-Employee.
According to the Orlando Sentinel, the ex-Florida Hospital worker faces up to 15 years in federal prison for these criminal charges.
Click here to read the entire article from the Orlando Sentinel.
The man will be sentenced on January 14, 2013. Be sure to check our blog for updates to this story.
Get a HIPAA Risk Assessment to Avoid Violations.
As a health provider you know that you must safeguard and protect confidential patient medical information to avoid civil and criminal penalties against you and your practice. A HIPAA Risk Assessment is a thorough review and analysis of areas where you may have risk of violating the HIPAA laws. We recently wrote a blog on this subject, click here to view it.
HIPAA Privacy Complaints Do Result in Action.
Many individuals whose privacy is breached fail to realize how effective a HIPAA Privacy Complaint can be. These complaints, which can be filed online to the Office of Civil Rights (OCR), are fully investigated. Stiff civil fines and even criminal prosecutions may result.
Since the time period is short for filing these (180 days), the first step you should take, if your medical privacy is breached, should be to file a HIPAA Privacy Complaint.
Contact Health Attorneys Experienced in the Confidentiality of Medical Records.
Our attorneys provide advice and legal opinions on confidentiality of medical records and medical information, including HIPAA Privacy Regulation, and are available to testify as expert witnesses on these issues.
For a list of applicable Federal and Florida legal authorities on "super-confidential" medical information such as mental health, HIV and drug or alcohol treatment records click here.
To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.
Have you been following this story? Do you think the ex-hospital employee should receive the maximum sentence? Please leave any thoughtful comments below.
Pavuk, Amy. “Ex-Hospital Employee Pleads Guilty to Stealing Patient Information.” Orlando Sentinel. (October 22, 2012). From: http://www.orlandosentinel.com/news/local/breakingnews/os-florida-hospital-patient-records-arrest-20121022,0,5057291.story
Department of Justice. “Former Florida Hospital Employee Pleads Guilty To Data Theft.” DOJ. (October 22, 2012). Press Release From: http://www.justice.gov/usao/flm/press/2012/oct/20121022_Munroe.html
About the Authors: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.
George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.
Tag Words: Privacy breach, patient records, medical records, confidentiality of medical records, Federal Bureau of Investigation (FBI), Department of Justice (DOJ), Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Regulation, HIPAA Privacy Complaint, HIPAA audits, HIPAA compliance, defense attorney, defense lawyer, legal representation, audit attorneys, health care audits, health care attorney, health care laywer
"The Health Law Firm" is a registered fictitious business name of George F. Indest III, P.A. - The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.