TRENDING:

HIPAA Violation Charged in Records Theft

Authorities Allege 4,500 Patient Records Stolen Howard Anderson (ismg_editor) • June 6, 2011    
HIPAA Violation Charged in Records Theft
An Alabama woman has been charged with violating the HIPAA Privacy Rule following allegations that she stole identifying information on about 4,500 patients from Trinity Medical Center in Birmingham.

Chelsea Catherine Stewart of Alabaster allegedly stole the patient information from the medical center, formerly Baptist Montclair Hospital, between March 22 and April 18, while an associate of hers was a patient at the hospital, according to Joyce White Vance, U.S. Attorney for the Northern District of Alabama.

The stolen records, which spanned several years, included patient names, dates of birth and Social Security numbers, according to the criminal complaint. Local police recovered hundreds of pages containing the information while executing a search warrant at a residence where she was staying, the complaint says.

In a statement on its website, Trinity Medical Center says that surgery schedules were stolen from a closed patient registration area the last week of March. "As a result of the theft, the hospital is increasing its security by changing access to the registration area of the involved department," according to the statement. "All stolen information has been recovered. ... The hospital has no reason to believe this information has been or will be used in a way that would cause harm."

Nevertheless, the medical center has notified all patients affected and offered them free credit monitoring services for a year. The HITECH Act breach notification rule requires notifying patients, as well as the Department of Health and Human Services' Office for Civil Rights, about breach incidents.

Previous
Hospital Investigates Records Hoarding
Next
Feds to Issue New Metrics to Assess Gov't Infosec

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Aité-Novarica's Cybersecurity Impact Award
Aité-Novarica's Cybersecurity Impact Award
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.