Governance & Risk Management , Privacy
Selling Records for Profit AllegedHospital Staffer Targeted Accident Victims' Records, FBI Says
A former staff member at Florida Hospital Celebration was arrested last week for allegedly inappropriately accessing more than 760,000 electronic health records with the intent to disclose, transfer or sell certain information for personal gain.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Dale Munroe, a former emergency department registration representative, accessed the records from 2009 to the third quarter of 2011, according to a criminal complaint that the Federal Bureau of Investigation filed Aug. 13 in the U.S. District Court Middle District of Florida, Orlando Division. Munroe was arrested by federal agents on Aug. 14 and released, with a preliminary hearing slated for Sept. 4, according to a spokeswoman in the U.S. Attorney's office for Florida's Middle District. The complaint charges Munroe violated HIPAA privacy regulations.
The computer Munroe used could access the emergency department patient lists from other Florida Hospital locations beyond the site where he worked. Florida Hospital is a delivery system with 22 campuses throughout the state. The complaint says a significant number of records Munroe accessed were for patients treated at sites other than the hospital in Celebration.
Accident Victims Targeted
Many of the medical records Munroe allegedly scrolled through were for individuals involved in automobile accidents, the complaint notes. And many of those patients subsequently received solicitation phone calls for attorney or chiropractor services. Investigators determined there were more than 12,000 patients that fit this description of inappropriate access to their personal health information.
On the U.S. Department of Health and Human Services' Office of Civil Right's list of major health information breaches, Florida Hospital is listed as having an Aug 10, 2011, breach affecting 12,784 individuals and involving unauthorized access to EHRs.
A spokeswoman for Florida Hospital said she did not know whether the incident listed on the HHS site was the same case allegedly involving Munroe. She said the organization had no comment on the case.
Munroe had been fired from his position at Florida Hospital Celebration in July 2011 for inappropriately accessing the records of a physician who had been fatally shot in a hospital parking garage, according to the criminal complaint. At the time of Munroe's firing for that incident, the hospital was unaware of his unauthorized access to other patient records, the complaint notes.