Recently we wrote about gang members stealing patient information and filing false tax returns and we wrote about meth dealers stealing patient information to obtain the materials to manufacture methamphetamine.
Once again a there is a case where a hospital employee is accused of stealing patient information and selling it in exchange for crack cocaine. The patient information was used to file false tax returns.
Federal authorities say employees at the James A. Haley VA Medical Center and Tampa General Hospital stole patients’ identities in tax fraud schemes.
Haley employee David F. Lewis is accused of taking the names and Social Security numbers of dozens of hospital patients and selling the information to people who used it to file fraudulent tax returns and get refunds, the U.S. Attorney’s Office in Tampa said Wednesday.
Lewis has a severe drug problem and acknowledged to investigators that he sold some of the patient information in exchange for crack cocaine, federal prosecutors said. Haley officials declined to comment but confirmed that Lewis worked as a medical support assistant until he was transferred to the hospital laundry earlier this year.
Lewis made $105,271 in the scheme, which the government said it is seeking to recover. He has pleaded not guilty to 12 charges that include aggravated identity theft and the wrongful disclosure of health information
The report only says that he is accused of selling “dozens” of patient records. Let’s assume it is 4 dozen records or 48 records. Lewis made over $105,000 in exchange for 48 records. That is over $2,000 per record. With such a high price tag on illegal patient information, is it any wonder we keep hearing about these types of stories?
Audit Record Access
It is critical that employees receive training that makes them aware that all access to patient information is being recorded. Knowing that they are being watched may act as a deterrent to prevent illegal activity.
In addition, all covered entities (hospitals and medical practices) should review audit logs of EMRs. Without reviewing audit logs it is almost impossible to catch or prevent unauthorized access or theft of patient information.
Training Your Employees About PHI Auditing Their Actions Are Being Watched
Free HIPAA Security Training!
All Covered Entities and Business Associates need to train their employees on HIPAA security. We now offer free online HIPAA security training for Covered Entities and Business Associates. Find out more about our free training and send the information to ALL your colleagues and Business Associates.
Now it is easy to train your employees on protecting patient information!