A former receptionist at a dental practice in New York was sentenced to 2 to 6 years in prison for stealing the protected health information (PHI) of hundreds of patients.
The PHI of 653 patients was taken from the office and shared with a co-defendant via email. The information included names, birth dates, and Social Security numbers.
The co-defendant used the information to obtain credit lines from Barclaycard in the victims’ names. Credit ranged from $2,000 to $7,000 per individual. The co-defendant, along with others, used the credit to purchase Apple gift cards that were used to buy tablets and laptop computers that collectively cost more than $700,000.
How can this type of theft be prevented?
Unfortunately, there’s no magic bullet that puts the brakes on PHI theft. It takes a layered approach of implementing commonsense precautions to help protect patients’ PHI.
The top four deficiencies that Smart Training’s compliance advisors notice in its compliance assessments for TDA members are:
- No annual HIPAA risk assessment. A risk assessment is what a practice’s privacy officer uses to identify shortcomings in the practice’s efforts to protect patient information.
- Lack of encryption of all electronic storage mediums in the practice
- No regular background checks on office personnel
- No monitoring of computer login files