Governance & Risk Management , Privacy

Selling Records for Profit Alleged

Hospital Staffer Targeted Accident Victims' Records, FBI Says
Selling Records for Profit Alleged

A former staff member at Florida Hospital Celebration was arrested last week for allegedly inappropriately accessing more than 760,000 electronic health records with the intent to disclose, transfer or sell certain information for personal gain.

See Also: Demonstrating HIPAA Compliance

Dale Munroe, a former emergency department registration representative, accessed the records from 2009 to the third quarter of 2011, according to a criminal complaint that the Federal Bureau of Investigation filed Aug. 13 in the U.S. District Court Middle District of Florida, Orlando Division. Munroe was arrested by federal agents on Aug. 14 and released, with a preliminary hearing slated for Sept. 4, according to a spokeswoman in the U.S. Attorney's office for Florida's Middle District. The complaint charges Munroe violated HIPAA privacy regulations.

The computer Munroe used could access the emergency department patient lists from other Florida Hospital locations beyond the site where he worked. Florida Hospital is a delivery system with 22 campuses throughout the state. The complaint says a significant number of records Munroe accessed were for patients treated at sites other than the hospital in Celebration.

Accident Victims Targeted

Many of the medical records Munroe allegedly scrolled through were for individuals involved in automobile accidents, the complaint notes. And many of those patients subsequently received solicitation phone calls for attorney or chiropractor services. Investigators determined there were more than 12,000 patients that fit this description of inappropriate access to their personal health information.

On the U.S. Department of Health and Human Services' Office of Civil Right's list of major health information breaches, Florida Hospital is listed as having an Aug 10, 2011, breach affecting 12,784 individuals and involving unauthorized access to EHRs.

A spokeswoman for Florida Hospital said she did not know whether the incident listed on the HHS site was the same case allegedly involving Munroe. She said the organization had no comment on the case.

Munroe had been fired from his position at Florida Hospital Celebration in July 2011 for inappropriately accessing the records of a physician who had been fatally shot in a hospital parking garage, according to the criminal complaint. At the time of Munroe's firing for that incident, the hospital was unaware of his unauthorized access to other patient records, the complaint notes.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.