25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Hospital X-Ray Scam Provides Thieves with PHI of 17K Patients

Posted By on May 8, 2013

When the Raleigh Orthopedic Clinic arranged for its X-ray films to be modernized and transferred to digital media, the healthcare organization naturally sought external assistance. A third party vendor was located that could offer the service and the X-ray films were sent for conversion.

The contract was arranged in January of this year and the films were dispatched; however when the clinic failed to receive the electronic copies of the data suspicions were aroused. An investigation was conducted into the matter in the first week of March and it was determined that the clinic had been involved in a scam.

In contrast to other security breaches where thieves deliberately set out to steal ePHI to commit fraud, in this case the thieves wanted the x-ray film for the silver it contained. Raleigh Ortho discovered that its X-rays had been sold on to a recycling company based in Ohio which offers a service to recycle X-ray films.

It is understood that the unspecified company used by the hospital obtained the X-rays fraudulently with a view to selling the silver. X-ray films contain approximately 2% silver and thieves are able to sell the metal for as much as $24.50 per ounce according to the News & Observer.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

This is not the first time a healthcare company has been scammed into giving thieves valuable X-rays. In 2012, police arrested two men from South Carolina who had managed to obtain X-rays from 38 healthcare facilities by posing as employees of a recycling company.

Raleigh Orthopedic Clinic has confirmed that while it believes the X-rays were taken for their silver content and the X-rays have now been destroyed, patients should be vigilant and review their credit card and bank accounts closely over the next few months in case the thieves also copied the data.

The X-rays included PHI of 17,000 patients, although the information was limited to full names, dates of birth and any medical problems shown by the x-ray films. The clinic is in the process of contacting those affected to alert them about the security breach in accordance with HIPAA breach notification rules.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist