25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Criminal Charges Filed Against Alabama Woman for HIPAA Violations

Posted By on Jun 14, 2011

A woman from Alabaster has been charged with stealing surgery schedules of patients containing names, dates of birth and social security numbers from the Trinity Medical Center in Birmingham, Ala.

Chelsea Catherine Stewart did not work at the hospital, but visited a patient who was receiving treatment on numerous occasions between March 22 and April 8, 2011. During her visits Stewart also entered a patient registration area where she stole the records. In total she obtained over 4,500 patient records during her visits.

The woman had some form. She was involved in an investigation into credit card fraud, and law enforcement officers had already obtained footage of her using stolen credit card to pay for goods. She is alleged to have taken the schedules for the information they contained with the intention of committing identity fraud.

When law enforcement officers went to Stewart’s house on April 8, 2011, they discovered the surgery schedules along with notes written by Stewart which they referred to as an identity fraud “to do list.”

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

All patients who are understood to have been affected by the data breach have now been contacted and have been offered credit protection services for a period of a year without any charge to mitigate any damage caused by the incident.

It is not known whether Stewart had time to use any of the information, but the hospital has confirmed that it did manage to recover all of the schedules and the threat is believed to now be over. However, questions may be asked about how a member of the public was able to walk into the hospital on several occasions and obtain PHI.

It is the responsibility of covered entities to ensure that PHI is protected at all times, and the incident suggests that this was not the case and the hospital violated the HIPAA Security Rule for failing to implement the physical controls to prevent the accidental disclosure of PHI.

If Stewart is convicted of the crime, she can be sentenced to up to 10 years in prison, in addition to covering a fine of up to $250,000. If Trinity Medical Center is investigated by the Office for Civil Rights and HIPAA violations are discovered, it too could be penalized. Fines of up to $1.5 million can be issued if serious violations of HIPAA Rues are discovered.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist