Pharmacy Technician Suspended over 100-Patient Data Theft

A pharmacy technician who worked at CVS in San Diego has recently had her pharmacy technician’s license suspended (under Business and Professions Code 494) by the California State Board of Pharmacy after she was discovered to have accessed and stolen the Protected Health Information of around 100 patients.

Nicole Yvonne Flores was employed at the San Diego’s Imperial Beach branch of CVS Pharmacy, where she had held the position since 2008, until 2015 when the data theft was discovered and she lost her job. The theft was discovered by the Secret Service, which conducted a raid on the apartment of Flores early last month.

The Secret Service discovered a number of patient records in her apartment, and notified CVS of the potential theft of data. Flores was interviewed about by CVS management on June 10, 2015. During the interview Flores admitted that she had copied and removed patient records between May, 2013 and November, 2014, as well as during a three month period between February and April, 2015.

The records were obtained when patients came to the drop off counter. Flores would print off patient information and put the sheets in her pocket. To reduce the risk of being caught, Flores took just one or two patient records at a time, every two weeks or so. In total, approximately 100 files were taken.

Flores apologized for her actions and said she knew she was violating CVS policies by taking the data, but claims she was being threatened and coerced into the theft by her property manager, who wanted the records to obtain credit and credit cards. The property manager, referred to as G.M, told Flores that if she did not supply her with the information, she would alert her father; a man who had previously been convicted of attempted murder.

Flores said she was aware that G.M was using the information to commit fraud, and said the credit cards were primarily used to obtain goods from stores such as Home Depot, Target, Sears, Amazon, Zappos, Pottery Bard, and Justice.

As a result of her actions, Flores was required to go before the California State Board of Pharmacy, which suspended her license. Three causes for discipline were cited: Committing “an act involving dishonesty, fraud, deceit, or corruption”; “general unprofessional conduct”, as well as violating the Health Insurance Portability and Accountability Act (HIPAA).

She is now not permitted to practice as a pharmacy technician until a full investigation has been conducted and a final decision has been made about the accusations. At present, Flores has only had her license suspended, although it is highly probable that her license will be permanently revoked. Flores is also likely to face a civil action for the data theft, and will be required to cover the cost of the investigation and enforcement of the case.

A spokesman for CVS, Mike DeAngelis, recently issued a statement saying “The alleged actions of Ms. Flores are a flagrant violation of the stringent policies and procedures we have in place for the handling of patient information. She is no longer employed with CVS, and we are fully cooperating with the authorities in the investigation of this matter.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.