VA Hospital Worker Pleads Guilty to Identity Theft of More Than 1,000 Patients

Healthcare Compliance Perspective – Identity Theft:

The Privacy Officer needs to ensure that there is a policy and procedure on what to do if there is a breach of protected health information (PHI). The Privacy Officer should make sure that the policy has been implemented and that staff and senior management understand what to do if they suspect that a breach has occurred. An audit using a survey should be done to make sure that everybody knows what to do when a PHI breach occurs. Another audit should be developed and implemented to discover any potential areas of vulnerability or reveal personnel who may have unauthorized access to PHI.

 

In April, a couple of Veteran’s Administration security officers noticed a man driving a car with license plate numbers normally used on a commercial vehicle. Since the car was an obvious personal vehicle, the officers checked out the numbers and found that they were not issued to that car.

The officers stopped the vehicle and while they were interviewing the driver, one of them noticed an open medication container in the open glove box. On closer examination, it was discovered that there were various medications in the container that were not prescribed for the man. Further checking revealed that the man also had the personal patient data of 14 people that included their names, birthdates and full Social Security numbers.

The man was taken into custody and a search was ordered and carried out of his apartment that produced several hard drives and flash drives with patient information on more than 1,000 patients. During the search at the man’s apartment, police also found $1,000 worth of cleaning supplies that had been stolen from the VA hospital where the man had worked for less than a year as a clerk.

The man was charged with multiple offenses and pled guilty to grand theft and identity theft. He was sentenced to three years in a California state prison.

The VA facility issued this statement in a press release, “While there is no indication of any veteran identification information being used fraudulently, VA will send letters to all 1,030 potentially impacted veterans and provide 12 months of free credit-monitoring services.”