Hannah Wolfson reports:
A woman was charged Thursday with stealing 4,500 patients’ medical records from Trinity Medical Center, possibly with the intent of using them for identity theft.
Chelsea Catherine Stewart, 26, was arrested Thursday morning by U.S. Postal inspectors, who said they found hundreds of pages with names, birth dates and Social Security numbers at a house in Alabaster where Stewart was staying. The files spanned several years, including before 2006, when Trinity was still Montclair Baptist Medical Center.
Trinity officials said surgery schedules were stolen from a closed patient registration area. The hospital planned to run an announcement of the data breach in today’s edition of The Birmingham News and has also mailed letters to all affected patients.
[…]
Stewart was charged Thursday with violating the federal Health Insurance Portability and Accountability Act, which protects the privacy of medical records, and released on an unsecured bond of $5,000. She has not been indicted and did not have to enter a plea. She may face additional charges, said her court-appointed attorney, Scott Brower.
According to the charging document, Stewart said she had taken the records from the hospital when visiting a patient there between March 22 and April 1. Postal inspector John Bailey found the paperwork April 8 at a house in Alabaster where Stewart was staying, he said in an affidavit.
Read more on al.com.
Criminal charges under HIPAA are still fairly uncommon.
A statement on Trinity’s web site says:
During the last week of March 2011, surgery schedules were stolen from a closed patient registration area. These documents were recovered during an investigation of mail theft by the U.S. Postal Inspector during the first week of April 2011. The U.S. Postal Inspector notified the hospital of the theft at that time. Over the past few weeks, Trinity has worked with the Postal Inspector and police to identify all patients whose information was stolen. If you were a Trinity patient and your information was included in this theft, Trinity has sent you a letter personally notifying you of this event and offering free credit monitoring.
The information contained on the surgery schedules included patient names, dates of birth, social security numbers, and some medical information such as the scheduled procedure. Trinity is committed to maintaining the privacy and security of our patients’ information and sincerely regrets that this breach occurred. As a result of the theft, the hospital is increasing security by changing access to the registration area of the involved department.
All stolen information has been recovered and an arrest has been made in the case. The hospital has no reason to believe this information has been or will be used in a way that would cause harm.
Trinity is helping affected patients take steps to protect themselves against any possible misuse of their financial information, including one free year membership in Experian’s Triple Advantage Premium Credit Monitoring program at no cost to affected patients. In order to take advantage of this free Credit Monitoring Program please call 1-866-367-5548 to obtain your Credit Monitoring Program Activation Code and for information on how to activate your membership.
Other steps individuals may take to protect their financial information include:
Check credit reports frequently and address suspicious activity quickly
Add a fraud alert message to credit reports
Visit the Federal Trade Commission’s website: www.ftc.gov/bcp/edu/microsites/idtheft/ or call toll-free, 1-877-438-4338 for detailed information on avoiding, detecting, and reporting identity theft.Trinity Medical Center sincerely apologizes to its patients who were affected by this incident and has provided each of them with a written letter of notification.