Hospital staff caught snooping, putting privacy and identity at risk

News ripped from recent headlines focuses on privacy violations and medical identity theft by hospital employees in three states. Medical identity theft is a fraud-facilitating crime, as FierceHealthPayer: AntiFraud previously reported; between 2012 and 2013, the number of medical identity theft victims grew by 19 percent.

In Dallas, a former Parkland Hospital registration specialist pleaded guilty to a federal fraud charge last week after stealing patient information, the FBI announced.

Viju Mathew was responsible for entering patient data into the hospital's computer system. He had access to a wealth of confidential or protected health information including names, birth dates, telephone numbers and health insurance identification numbers. Mathew admitted to lifting this information with the intent of using it to drum up new clients for his sideline home healthcare business. Now he faces up to five years in prison and a $250,000 fine.

In Worcester, Massachusetts, a man who says his identity was filched by a former employee of the University of Massachusetts Memorial Medical Center filed a lawsuit against the hospital, according to the Eagle-Tribune. Robert Jackson was one of about 2,400 patients whose information was breached by a subsequently fired hospital employee who now faces criminal identity theft charges. Jackson wants the hospital to compensate each victim $3,000, the newspaper noted.  

Finally, in Cleveland, University Hospitals announced Friday that an employee accessed 692 electronic medical records in three years without a work-related need to do so, Cleveland.com reported.

The person viewed names, phone numbers, home and email addresses, medical and health insurance account numbers, information on office visits and personal financial information including credit and debit card numbers. The employee was fired, and University Hospitals referred the incident to law enforcement. The hospitals notified affected patients, offered them a year of free credit monitoring and identity theft protection and set up a toll-free hotline for personal consultations.

"This is a major breach," Pam Dixon, executive director of the non-profit research group World Privacy Forum, told Cleveland.com, adding that it could take up to two years to know if fraud followed on the heels of the improper access.   

For more:
- read the FBI announcement
- here's the Eagle-Tribune article
- see the Cleveland.com article

Suggested Articles

The HHS OIG is asking for an additional $23.7 million to support fraud oversight that has benefited from an emphasis on data analytics.

A New York surgeon was sentenced to 13 years in prison for fraud and more physician practice news from around the web.

A federal judge has ruled that the U.S. government’s remaining fraud case against UnitedHealth can move forward.