In a new twist to the growing problem of identity theft in hospitals, a volunteer at Jackson North Medical Center was caught using a smart phone to take photographs of more than 500 patient records, the hospital system announced Friday.
The volunteer’s misdeeds unraveled in a bizarre case that started in January, when Miramar police responded to a report of suspicious activity to find three men sitting in a car in a McDonald’s parking lot for several hours working furiously on laptops, apparently using the restaurant’s free wi-fi to file tax returns, according to court documents.
Carlos Migoya, chief executive of the Jackson Health System, said Friday in a memo to county leaders that his staff had learned of the problem in March, but federal agents asked that the case be given no publicity until they completed an investigation.
In the McDonald’s parking lot, police found that the men had a stack of papers with the names of more than 100 people with their Social Security numbers and addresses, according to court documents. Darian McKenzie, 21, was arrested. He later told police that he had received the confidential information from Loverson Gelmine, 21, a volunteer at Jackson North.
Police recorded phone calls between McKenzie and Gelmine that led to another meeting in a McDonald’s, where they used the free wi-fi as they worked on a laptop to fill out a fraudulent tax return that they planned to submit online, according to court documents. Police recorded the event and arrested them before they filed the return.
Gelmine later admitted he had been selling the patient information — getting $300 for 50 names, according to court records. He was sentenced to two years in prison for aggravated identity theft. McKenzie was sentenced to three years’ probation.
Theft of patient data has been increasing in hospitals in South Florida and throughout the country. In September, the University of Miami announced that untold thousands of patients had their information stolen over 22 months. Last year, Jackson said an employee had stolen information on 1,800 patients.
In 2006, a front desk coordinator at the Cleveland Clinic in Weston was charged with downloading computer information on 1,100 patients that was used to submit $2.8 million in fraudulent claims to Medicare.
In virtually all such cases, hospitals employees with access to computers obtain the data and then resell the information to others who create phony claims that are then sent to insurers or the Internal Revenue Service.
The latest Jackson case reveals that the ever-growing use of camera-equipped phones makes it easy to steal information even without computer access.
Gelmine served as a volunteer in the Jackson North emergency room without computer access. He used his phone to take photos of paper records, according to Migoya’s memo. The memo indicated that investigators found Gelmine’s phone contained 1,200 photos of records of 566 patients on his phone.
On Friday, as required by law in identity theft cases, Jackson made a formal announcement of the problem. Migoya said that the patients involved had been notified and offered free credit-monitoring services.
Jackson has created a “more robust orientation program [that] now informs volunteers that they may not use smartphones in patient-care areas — doing so is grounds for immediate dismissal,” Migoya said.
With the advent of electronic records, patient information has been increasingly at risk. In 2010, AvMed, the health insurer, reported that data of 1.2 million patients was on two laptops stolen from its offices. In 2008, data on 2.1 million University of Miami patients was inside in a box taken from a parked van.
In both those cases, it is unclear whether the data was ever used for fraudulent claims.