Florida Hospital Recovering from Privacy Breach

As a health care provider, keeping patient medical records confidential is a fundamental aspect of the job description. Within those records, the most private details of a person’s life are revealed, details, that if leaked, may ruin the reputation of the patient and the health care provider.

According to the Orlando Sentinel, Florida Hospital is currently trying to recover from the damaging effects of a breach of its medical electronic records. Three employees were to blame for “inappropriate access” to the records, all nonmedical personnel.

No motive has yet been attributed to the breach, which occurred between January 2010 and August 2011. All 2,252 patients whose records may have been involved in this incident are being notified.

Though Florida Hospital screens employees before hiring, a spokesperson for the hospital believes that “nonessential” personnel should have restricted access to records.

With a federal push to have more and more records be transferred to an electronic format, health care providers need to take every precaution to make sure these files remain private. A privacy breach not only endangers patients, but can result in a slew of consequences for the organization responsible for the breach.

Perhaps the larger issue at hand is whether or not electronic medical records are safer than their paper counterparts. While electronic records may be more efficient, they can be easier to access than a paper file safely guarded under lock and key. However, the switch to electronic files seems inevitable, so the keepers need to continually evaluate and adjust security measures to protect this top secret information.

For more information about confidentiality of medical records visit our website.

Patient Privacy Breach at Nemours Follows Florida Hospital Information Leak

After a patient privacy breach at Florida Hospital a few weeks ago, another patient records scare has hit Florida – this time at Nemours.

According to the Orlando Sentinel, information belonging to Central Florida patients of Nemours Children’s Health System has gone missing.

Computer back-up tapes containing old patient billing information have disappeared from the Wilmington, Del., office of Nemours. These tapes were not password protected and stored in a locked cabinet. Company officials believe the cabinet may have been removed when the office was  remodeled in August.

Stored in the missing tapes are patient names, addresses, dates of birth, social security numbers, insurance information, medical diagnoses and treatment codes, as well as bank account information. If stolen, this information could result in identity theft.

The information of more than 1 million patients treated from 1994 to 2004 by a Nemours physician or at a Nemours facility in Florida, Delaware or Pennsylvania was contained on the missing tapes. Approximately 50% of the affected patients are from Florida.

Nemours has sent letters to patients whose information may have been compromised and is offering these patients a year of free credit monitoring and identity-theft protection.

Although Nemours is taking appropriate steps in response to this situation, a major  patient privacy breach should not be happening so frequently. This is the second major privacy breach in the last few weeks in Florida, which instills little confidence in patients in the Florida health care system. Health care providers need to be proactive in maintaining patient confidentiality. Patients trust health care providers with the most personal and sensitive details and should have reassurance that unauthorized personnel will never see this information. There should never be any reason that this information gets leaked.

A privacy breach not only impacts patients, but also health care professionals (physicians, nurses, pharmacists, administrators, etc.) who come under attack. When blame is shifted around a health care facility, the work environment may become tense and stressful, especially for those who have access to patient records.

For more information about patient privacy breaches, see this article on confidential medical records.

By |2024-03-14T10:00:25-04:00June 1, 2018|Categories: In the News, The Health Law Firm Blog|Tags: , , , , , , , |Comments Off on Patient Privacy Breach at Nemours Follows Florida Hospital Information Leak

Ex-Hospital Employee Admits to Stealing and Selling Confidential Patient Information

By Lance O. Leider, J.D., and George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On October 22, 2012, a former Florida Hospital employee admitted to stealing patient information that was used to target customers for lawyers and chiropractors, according to a number of sources. The man allegedly pleaded guilty in Orlando federal court to one count of conspiracy and one count of wrongful disclosure of health information, according to the Department of Justice (DOJ). By accessing this information the man violated criminal provisions of the Health Insurance Portability and Accountability Act (HIPAA).

To read a press release on the guilty plea from the DOJ, click here.

You may remember the news story about a privacy breach at Florida Hospital back in October 2011. The breach involved more than 700,000 patient records that were accessed by the ex-employee between 2009 and 2011. We previously wrote about that story. Click here to read the blog.

Patients Received Calls from Lawyer and Chiropractor Referrals. 

Federal investigators said the ex-hospital worker was looking specifically for information on car accident victims. He would allegedly sell that information to co-conspirators.

According to the Federal Bureau of Investigation (FBI) affidavit, some patients would receive calls offering lawyer or chiropractor referrals about a week after their hospital visit.

The FBI also allegedly found payments from co-conspirators to the former hospital employee.

To read the FBI affidavit, click here.

Will the Ex-Employee Get Prison Time?

According to the Orlando Sentinel, the ex-Florida Hospital worker faces up to 15 years in federal prison for these criminal charges.

Click here to read the entire article from the Orlando Sentinel.

The man will be sentenced on January 14, 2013. Be sure to check our blog for updates to this story.

Be Sure to Get a HIPAA Risk Assessment to Avoid Violations.

As a health provider you know that you must safeguard and protect confidential patient medical information to avoid civil and criminal penalties against you and your practice. A HIPAA Risk Assessment is a thorough review and analysis of areas where you may have risk of violating the HIPAA laws. We recently wrote a blog on this subject, click here to view it.

HIPAA Privacy Complaints Are Effective.

Many individuals whose privacy is breached fail to realize how effective a HIPAA Privacy Complaint can be. These complaints, which can be filed online to the Office of Civil Rights (OCR), are fully investigated. Stiff civil fines and even criminal prosecutions may result.

Since the time period is short for filing these (180 days), the first step you should take, if your medical privacy is breached, should be to file a HIPAA Privacy Complaint.

Contact Health Attorneys Experienced in the Confidentiality of Medical Records.

Our attorneys provide advice and legal opinions on confidentiality of medical records and medical information, including HIPAA Privacy Regulation, and are available to testify as expert witnesses on these issues.

For a list of applicable Federal and Florida legal authorities on “super-confidential” medical information such as mental health, HIV and drug or alcohol treatment records click here.

To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

Have you been following this story? Do you think the ex-hospital employee should receive the maximum sentence? Please leave any thoughtful comments below.

Sources:

Pavuk, Amy. “Ex-Hospital Employee Pleads Guilty to Stealing Patient Information.” Orlando Sentinel. (October 22, 2012). From: http://www.orlandosentinel.com/news/local/breakingnews/os-florida-hospital-patient-records-arrest-20121022,0,5057291.story

Department of Justice. “Former Florida Hospital Employee Pleads Guilty To Data Theft.” DOJ. (October 22, 2012). Press Release From: ttp://www.justice.gov/usao/flm/press/2012/oct/20121022_Munroe.html

About the Authors: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone:  (407) 331-6620.

George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida, area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone:  (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Florida Man Sentenced to Prison for Role in Florida Hospital Data Theft

Lance Leider headshotBy Lance O. Leider, J.D., The Health Law Firm

A Davenport, Florida, man was sentenced to four years in prison for paying off two Florida Hospital employees to illegally access patient records, according to the Department of Justice (DOJ). A judge sentenced Sergie Kusyakov on April 10, 2013. He was charged with conspiracy and wrongful disclosure of individual identifiable health information.

Click here to read the press release from the DOJ.

Ex-Employees Sold Patient Information to a Co-Conspirator.

Mr. Kusyakov’s sentence stems from a privacy breach at Florida Hospital back in October 2011. The breach involved thousands of patient records that were illegally accessed between 2009 and 2011. Apparently Mr. Kusyakov was paying hospital employee Dale Munroe and his wife to illegally access thousands of records of patients treated at multiple Florida Hospital locations. Mr. Munroe was sentenced in January 2013. Click here to read a previous blog on that story.

Mr. Munroe was allegedly fired in July 2011, after it was learned he accessed the records of a doctor fatally shot in a parking garage. Investigators then found that Mr. Munroe had accessed more than 700,000 patient records, most of whom had been involved in vehicle accidents. Mr. Munroe then sold the records to Mr. Kusyakov, who was associated with two chiropractic clinics. The information was then used to solicit the patients for lawyers and chiropractors. After Mr. Munroe was fired, his wife began stealing patient information. She will be sentenced in July.

HIPAA Privacy Complaints Do Result in Action.

The act of accessing patient records is a direct violation of the Health Insurance Portability and Accountability Act (HIPAA). Many individuals whose privacy is breached fail to realize how effective a HIPAA Privacy Complaint can be. These complaints, which can be filed online to the Office of Civil Rights (OCR), a federal agency, are fully investigated. Stiff civil fines and even criminal prosecutions may result. In serious cases, the FBI investigates them.

Since the time period is short for filing these (180 days), the first step you should take, if your medical privacy is breached, is to file a HIPAA Privacy Complaint with the OCR. Also file a complaint with the hospital or health care provider and with the state agency that licenses the health care provider.

Contact Health Attorneys Experienced in the Confidentiality of Medical Records.

Our attorneys provide advice and legal opinions on confidentiality of medical records and medical information, including HIPAA Privacy Regulation, and are available to testify as expert witnesses on these issues.

To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

What do you think of Mr. Kusyakov’s sentence? Please leave any thoughtful comments below.

Sources:

Pavuk, Amy. “Man Sentenced to Federal Prison for Role in Florida Hospital Theft.” Orlando Sentinel. (April 11, 2013). From: http://www.orlandosentinel.com/news/local/breakingnews/os-florida-hospital-patient-data-theft-20130410,0,3261544.story

Department of Justice. “Davenport Man Sentenced to 4 Years in Prison of Theft of Patient Information.” Department of Justice. (April 10, 2013). From: http://www.justice.gov/usao/flm/press/2013/apr/20130410_Kusyakov.html

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Go to Top