Associated Press reports:
Four women have been indicted on charges of stealing more than $750,000 in merchandise using personal information obtained from patients in medical offices where two women worked.
A federal grand jury in Baltimore returned the indictment on Thursday. The indictment alleges that 27-year-old Michelle Jernell Cole of Baltimore, and her sister, 30-year-old Chanell Cole of Owings Mills, worked in medical practices.
Prosecutors say the Cole sisters used the information of nearly 50 patients and with their co-defendants, took over credit accounts at department stores and bought items for their personal use.
Also indicted in the alleged conspiracy are 36-year-old Denise Wearing and 39-year-old Yolana (sic) Welch, both of Philadelphia.
SOURCE: Washington Post
AP does not report which medical practices or offices the women worked in, and given that less than 500 patients were involved, we are not likely to see this on HHS’s public-facing breach tool. PHIprivacy.net was able to uncover the identity of the practices in an affidavit in support of the criminal complaint involving Yolanda Welch.
The case against Welch arose in 2012 after the U.S. Secret Service was contacted by Macy’s Special Investigation Unit, who had been receiving reports since 2010 from approximately 100 customers that their accounts had been misused. In investigating their complaints, Macy’s discovered that about 60 of the 100 customers had been patients or employees at one of four medical practices connected to Michelle Cole or Chanell Cole. The four practices were:
Lynn Billingsley, M.D. (at Good Samaritan Hospital) (8 victims)
MedStar Health Inc. hospitals (4 victims)
Padder Health Services, LLC (7 victims)
BW Arthritis and Rheumatology (33 victims)
According to the affidavit attached to the complaint, Dr. Billingsley confirmed that Chanell Cole had been in her employ from August 2008 to May 2010, and had been fired for writing fraudulent prescriptions. During the time of her employment, she had unfettered access to patient information as well as access to a MedStar Health database.
Chanell Cole’s LinkedIn profile, uncovered by PHIprivacy.net, indicates that as of August 2013, Cole had been employed as a store manager at Laila Rowe for three years, but prior to that, she was employed by Dr. Billingsley as a medical office assistant at Good Samaritan Hospital from July 2008 – July 2010. She describes her duties this way:
Customer service greeting patients as they enter the practice or when they make an inquiry by phone. Record keeping on a daily basis. Scheduling for patients within the practice and arranging for hospital admissions for patients who need further attention. Billing and coding.
Accounts receivable/payable & bookkeeping. Dealing with insurance claims, collection and coding. Patient medical history collection and medical exam preparation.
It takes a certain amount of chutzpah to list your former employer when you were allegedly fired for writing fraudulent prescriptions.
Chanell’s sister Michelle Cole was employed by Padder Health Services from June 2010 until her firing in February 2012. She, too, was fired for writing fraudulent prescriptions and she, too, had access to patient information while employed there. She was subsequently employed by BW Arthritis and Rheumatology from February 2012 to February 2013 and had access to their patient information database.
Parenthetically, I note that the defendants were allegedly able to steal patients’ SSN from the patient databases they had access to and that Macy’s only required customers calling in orders to provide their name, address and Social Security number to place an order on a credit account. If the medical practices had not collected patients’ SSN and/or if Macy’s didn’t use SSN to authenticate, some of this crime might have been prevented.
Of course, an indictment is not a conviction and everyone is presumed innocent until any charges are proved.