HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Rogue Employee Steals 24000 Jackson Health System Patient Records

A Jackson Health System employee stands accused of stealing around 24,000 patient records over a period of 5 years. The hospital unit secretary has been placed on administrative leave pending the conclusion of an internal investigation into the extended HIPAA breach. The suspected theft of patient information has also been reported to law enforcement.

Interestingly, the employee has been named but not yet fired. This suggests that the evidence already collected against the individual is substantial.

The employee in question is Evelina Reid. She has been employed by Jackson Health since 2005 as a hospital unit secretary for the main operating room in the Miami-Dade public hospital network. An initial review of the privacy breaches indicates Reid accessed 24,188 patient health records over a period of 5 years without a legitimate reason for doing so.

Reid is understood to have inappropriately accessed and viewed patient data including names, dates of birth, addresses, and Social Security numbers.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

South Florida is well known for identity theft and has had more than double the number of identity theft complaints than any other metro area in the country. Last year NerdWallet reported there were 18,000 cases of identity theft reported in South Florida, compared to 7,500 in Seattle metro area, which ranked in second place.

Since there is a risk that patient data have been used inappropriately, all affected individuals are being offered credit monitoring services without charge. Affected patients will be contacted by mail in the next few days and will be advised of the privacy breach.

The news comes just a matter of days after the announcement of the firing of two of the health system’s employees after they inappropriately accessed the health record of NFL football player Jason Pierre Paul.

Jackson Health System CEO Carlos Migoya pointed out that these are isolated incidents, with a statement issued to Miami Dade officials stating Reid is a “rogue hospital employee.”

Migoya said Jackson Health is currently undergoing an upgrade of its security systems and will be conducting further staff training on patient privacy. He understands the harm that these incidents can cause patients and the negative effect that privacy breaches have on public perception of the health system. He recently said, “we must have an impeccable reputation for respecting the privacy of our patients and their records,” and is keen to make sure that the health system’s reputation is repaired.

The new patient data security system is currently being acquired and once implemented will make it easier and quicker for Jackson Health to identify and take action over privacy breaches. The security system is much needed given the fact that it took 5 years for Reid’s alleged spree of patient record theft to be identified.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.