Stop PHI from Being Stolen

To date, the Total HIPAA blog has focused on strategies to protect your clients’/patients’ information, but we’re going to change it up this week. We recently came across a white paper from the Ponemon Institute, which reported that there were over 1.8 million victims of medical identity theft in 2013.

According to this report, the risk that your Protected Health Information (PHI) would be compromised went up a whopping 19% over the previous year. Most shocking, many of the issues companies and healthcare practices are running into aren’t caused by hackers or outsiders; they come from trusted individuals inside the organization. Below are a few examples of employees, business associates, and even volunteers who have stolen PHI and used it for monetary gain, followed by what you can do to try to protect yourself.


These two examples are very new and haven’t been adjudicated yet.

    1. An office worker in a medical office in Owensboro, KY used patient information to get personal loans ranging from $300 to $7,000.


    2. A medical records administrator in Hackensack, NJ was arrested for stealing patient identities to commit credit card fraud. She is being held on $35,000 bond at the moment.


Business Associate-

Over four years, a supervisor at a billing and collection company filed false tax returns using stolen patient information. “She was using her name, her husband’s name, her daughter’s name in order to not be detected. She started using varying forms of her name, husband’s name, to get these refund checks requested,” says U.S. Postal Inspector Jamie Portell.



A volunteer working at a VA Hospital stole patient information and filed false tax returns for over $550,000.


How do you prevent these HIPAA violations in your company/practice?

  1. Background checks – Before hiring staff or allowing volunteers on the premises, it’s important to know with whom you’re working. This means criminal records, reference checks, and possibly a financial check before employment.
  2. Conduct a Risk Assessment – Many people overlook this important and required HIPAA regulation. You need to identify areas of vulnerability and what you can do to address them.
  3. Create Privacy and Security Policies and Procedures – Another requirement of HIPAA, and for good reason! Make sure you develop these compliance documents and train your employees on what’s in them. The best policies and procedures are useless if no one reads or knows anything about them.
  4. Train your Staff – Your employees should know what constitutes proper behavior and proper use of PHI. In many of the cases referenced above, training wouldn’t have stopped the offenders, but perhaps a colleague would have noticed irregular behavior or irregular access to information.
  5. Perform Periodic Audits – In this case, you’re looking for high-risk behaviors. Are there documentation errors? Is an employee accessing a patient record they don’t have authorization to access? Is there irregular behavior observed in the system?

Even with the best protections in place, thefts can still happen, but by being proactive you can better protect your company/practice and the information entrusted to you.
