The Orlando Sentinel has updated its reporting on the Florida Hospital breach. You can read their coverage here, but among the new details revealed are that 2,252 patients are affected and that the purpose of the improper access seemed to be to identify car accident victims whose contact details could then be passed to an attorney referral service.
This is not the first time I’ve read about employees using patient information for attorneys or attorney referral services. There was a case like this in Texas back in 2003 involving employees at Memorial Hermann Hospital and Ben Taub Hospital. More recently, we saw a case like this involving the University Medical Center of Southern Nevada. If there have been other cases like this, I’m not recalling them offhand.
Whether there will be criminal HIPAA prosecution in this case remains to be seen, although I wouldn’t be surprised if there is one.
On the other end of the equation, I hope we see prosecution of those who solicit people to breach HIPAA protections. And if any attorney is knowingly getting leads based on stolen data, I hope to heck they are disbarred.