HIPAA Violation Charged in Records TheftAuthorities Allege 4,500 Patient Records Stolen
Chelsea Catherine Stewart of Alabaster allegedly stole the patient information from the medical center, formerly Baptist Montclair Hospital, between March 22 and April 18, while an associate of hers was a patient at the hospital, according to Joyce White Vance, U.S. Attorney for the Northern District of Alabama.
The stolen records, which spanned several years, included patient names, dates of birth and Social Security numbers, according to the criminal complaint. Local police recovered hundreds of pages containing the information while executing a search warrant at a residence where she was staying, the complaint says.
In a statement on its website, Trinity Medical Center says that surgery schedules were stolen from a closed patient registration area the last week of March. "As a result of the theft, the hospital is increasing its security by changing access to the registration area of the involved department," according to the statement. "All stolen information has been recovered. ... The hospital has no reason to believe this information has been or will be used in a way that would cause harm."
Nevertheless, the medical center has notified all patients affected and offered them free credit monitoring services for a year. The HITECH Act breach notification rule requires notifying patients, as well as the Department of Health and Human Services' Office for Civil Rights, about breach incidents.