For all the HIPAA precautions a facility takes, there is still the very real danger that they will be done in by one of their own, as a report about the prestigious Johns Hopkins Hospital demonstrated last week.
A federal jury indicted Jasmine Smith, a Hopkins employee, and four other accomplices on charges of fraud and identity theft relating to a scheme using stolen HIPAA protected patient data to obtain more than $600,000 in credit from more than 50 banks and stores across Maryland.
The charges allege that Smith used her trusted position at the hospital to obtain the names, social security numbers, addresses and other personal details belonging to patients admitted to the Baltimore facility. She and her accomplices then used the information to gain credit at various banks, Best Buy, Sears and even Toys R Us.
The defendants face a maximum sentence of 30 years in prison for conspiracy to commit bank fraud and two years in prison for aggravated identity theft.
Read the US Attorney’s press release here