HIPAA Violation Charged in Records Theft

Authorities Allege 4,500 Patient Records Stolen
HIPAA Violation Charged in Records Theft
An Alabama woman has been charged with violating the HIPAA Privacy Rule following allegations that she stole identifying information on about 4,500 patients from Trinity Medical Center in Birmingham.

Chelsea Catherine Stewart of Alabaster allegedly stole the patient information from the medical center, formerly Baptist Montclair Hospital, between March 22 and April 18, while an associate of hers was a patient at the hospital, according to Joyce White Vance, U.S. Attorney for the Northern District of Alabama.

The stolen records, which spanned several years, included patient names, dates of birth and Social Security numbers, according to the criminal complaint. Local police recovered hundreds of pages containing the information while executing a search warrant at a residence where she was staying, the complaint says.

In a statement on its website, Trinity Medical Center says that surgery schedules were stolen from a closed patient registration area the last week of March. "As a result of the theft, the hospital is increasing its security by changing access to the registration area of the involved department," according to the statement. "All stolen information has been recovered. ... The hospital has no reason to believe this information has been or will be used in a way that would cause harm."

Nevertheless, the medical center has notified all patients affected and offered them free credit monitoring services for a year. The HITECH Act breach notification rule requires notifying patients, as well as the Department of Health and Human Services' Office for Civil Rights, about breach incidents.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.