Matt Peterson reports:
Authorities are investigating the theft of thousands of patient records at Parkland Memorial Hospital, allegedly by a former employee.
The theft, which came to light in September, led to the firing of the employee, who worked as a registrar in the hospital and had access to patient files for his job.
The employee, who is not being named, also owns a home health care agency and officials believe he used the information to contact patients as potential clients.
Further investigation by the Dallas County Hospital District police revealed that the employee had inappropriately accessed more than 2,000 patient records.
The personal information of 1,311 patients was contained in the stolen reports. This information includes patient name, age, gender, Medicare coverage, phone number and date of birth.
Of the 1,311 records that contained patient information, 232 of them also included the Social Security numbers of the patients.
Parkland officials have notified all impacted patients and are paying for them to enroll in a credit monitoring service for one year.
Source: Dallas Morning News.
This is the second blog entry this week relating to an insider data breach where the motivation was presumably trade secrets/competitive advantage. The first case was Berkeley HeartLab, which appears to be an expensive breach in terms of litigation costs, settlement, compliance, and breach notification and mitigation services to affected patients. In this case, the motivation is not competitive as much as having/gaining leads to a potential client pool, I would imagine.
I note that there’s no mention of any arrest at this point. Will this man be charged criminally under HIPAA or under Texas law, or both? If the investigation bears out the details reported so far, I hope he is charged.
Updated December 9: When this incident was reported to HHS, they indicated that 2,464 patients were affected.