Share this article on:
A medical assistant from Little Rock, AR. has plead guilty to one count of Aggravated Identity Theft after she illegally accessed the medical records of 13 patients, stole their Social Security numbers, and used their Protected Health Information (PHI) to secure credit.
United States District Court Judge, Susan Webber Wright, heard Mesha White, 34, plead guilty to Aggravated Identity Theft on June 3, 2015. The case has will now be scheduled for official sentencing, although the guilty plea means White will serve a mandatory two years in prison, with three years of supervised release. She must also pay back the thousands of dollars she has illegally obtained and spent in the names of 13 different patients.
White potentially faced a very lengthy jail term. She accessed and stole HIPAA-covered data without authorization; that data was taken for personal gain and White then proceeded to defraud thirteen different individuals. In April, a federal grand jury indicted White on seven counts of aggravated identity theft and seven counts of misusing a Social Security number. The guilty plea resulted in the dismissal of all but one charge of aggravated identity theft.
Dermatology Clinic Assistant Abused Data Access Rights
White used her position as a dermatology clinic assistant to gain access to protected records between November and December, 2012. After accessing and stealing data she applied for credit and started to accumulate debts. Suspicions were aroused and law enforcement officers started to investigate potential fraudulent credit activity.
Law enforcement officers managed to trace purchases to a single computer – via its unique IP address. That computer was traced to a local dermatology clinic. Officers contacted the company and White was identified as the main suspect, due to all of the transactions having taken place while she was on duty.
White went to lengths to hide her criminal activity. The goods that she purchased were not sent to her home address; but to a vacant property that she used to reside in. She would send the goods to be delivered and drive by to collect the boxes. A local resident gave a statement to law enforcement officers confirming that White used to visit the premises to collect boxes. The investigation identified the vehicle she used as a Blue BMW, which was discovered to be registered to white’s mother.
Employee Data Theft Continues to Plague Healthcare Providers
This incident is one in a number of recent cases of employee HIPAA breaches. In order to reduce the risk of employee data theft, all HIPAA-covered entities should provide additional training on HIPAA privacy and security rules. Specific mention should be made of the consequences of inappropriate access, disclosure or theft of PHI. It is essential that all members of staff understand that there will be consequences for inappropriate data access/use that extend beyond loss of an employment contract.