HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Plastic Surgery Clinic Employee Suspected of Stealing 15,000 Patient Records

A former employee of a Californian plastic surgery clinic is suspected of stealing the medical records of around 15,000 patients.

The employee worked at the Rodeo Drive clinic in Beverly Hills run by Dr. Zain Kadri. The employee had been employed as a driver and translator since September 2016, but had subsequently been given other duties such as data entry. Allegedly, she quit the practice on May 13 after being accused of embezzlement.

The employee was later discovered to have taken photographs of patients before and during surgical procedures and uploaded those pictures to the image sharing site Snapchat.

Further data theft was uncovered in May while the clinic was transferring paper records to digital files. As part of that process, the clinic checked a company phone used by the former employee. Images were discovered on the device including photographs of patients, but also photographs of patient IDs, usernames and passwords, copies of checks and credit and debit card information. Conversations were also reportedly recorded by the employee. It is unclear how much of that information was shared on social media or was stolen.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The clinic has performed surgeries on several celebrities, many of whom have had their privacy violated. The patients affected by the incident come from 16 U.S. states and four countries. The potential harm from misuse of the information is considerable.

The data theft has been reported to the Los Angeles County Sheriff’s Department and the incident is being investigated. All patients affected by the breach are now being notified that their information may have been stolen. At this stage, it is unclear whether charges will be filed against the former employee.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.