25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Former Aegis Medical Group Employee Potentially Accessed 9,800 Records Without Authorization

Posted By on Nov 20, 2019

The Florida physician network, Aegis Medical Group, has started notifying 9,800 patients that their protected health information may have been accessed by a former employee. That individual is understood to have attempted to sell patient records to third parties suspected of being involved in identity theft and fraud.

Aegis Medical Group was informed by law enforcement on September 11, 2019 about the employee. The law enforcement investigation determined that the employee attempted to sell the data of just two patients. Working with law enforcement, the physician network determined that the records of up to 9,800 patients were potentially accessed by the employee between July 24, 2019 and September 9, 2019.

The information contained in the records was limited to first and last names, dates of birth, account numbers, postal addresses, diagnosis information, and Social Security numbers. Approximately 75% of the records that may have been accessed were physical records rather than electronic copies.

Following notification by law enforcement, Aegis Medical Group immediately terminated the employee. It is unclear at this point in time whether the former employee has been charged.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Due to the nature of data exposed, all affected patients have been advised to monitor their accounts, explanation of benefits statements, and credit card statements for signs of misuse of their information and have been told about other steps they can take to prevent identity theft and fraud. Complimentary credit monitoring and identity theft protection services are also being provided.

Aegis Medical Group has confirmed that all physical records were stored properly although, to improve security, physical records are now being converted to digital formats as digital records are easier to secure and monitor for unauthorized access. Employees have been notified about the incident, told about the consequences of improper PHI access, and the importance of maintaining the confidentiality and security of patient records.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist