HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Identity Thief Sentenced to 4 Years for Selling Stolen Rotech Healthcare Data

A Florida man has been sentenced to serve four years in federal jail for selling medical records obtained from the medical device firm, Rotech Healthcare.

Vickie Lorenzo Bryant, 39, from Plant City, FL made contact with a government informant in May 2016 and offered to sell personally identifiable information of 957 individuals who had received medical devices from Rotech Healthcare.

This was not the first time Bryant had attempted to sell stolen data to identity thieves and fraudsters. The confidential informant had previously purchased other individuals’ data from Bryant and had used the information to obtain Florida driver’s licenses, make counterfeit credit cards, and purchase mobile phones in the victims’ names.

Bryant met with the informant on two occasions in June 2016 and sold the data of 957 different individuals. Bryant asked to be paid $15,000 for the batch of data or $15 per identity.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Around 1,000 documents were handed over to law enforcement and were found to contain a range of personal and medical information about the victims, including names, addresses, Social Security numbers and dates of birth.  Law enforcement contacted those individuals and all confirmed that they had all previously received respiratory or sleep apnea devices from Rotech Healthcare in the past. Rotech Healthcare was alerted to the data breach by law enforcement on June 13, 2016 and all patients were notified of the incident shortly thereafter.

Bryant was arrested and pleaded guilty to access device fraud and aggravated identity theft on August 23, 2016 and was sentenced by U.S. District Judge Charlene Edwards Honeywell on Tuesday last week.

Bryant did not personally steal the data from Rotech Healthcare. Two co-conspirators who were employed at Rotech allegedly obtained the data and sold it to Bryant. Fontella James and Sharmekia Young were indicted on September 29, 2016 and have been charged with conspiracy, computer intrusion, and crimes related to identity theft and are awaiting trial.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.