Medical Biller Sentenced For Fraud Committed With Stolen Patient Information

On June 15, 2009, in the Los Angeles County Superior Court, James Allen Wilson, a former Cedars-Sinai Medical Center employee was sentenced by Judge Samuel Mayerson to four years and eight months in prison after pleading guilty to stealing patient information to defraud insurance firms of $354,000. Mr. Wilson had worked as a billing clerk in Cedars' workers' compensation accounts department from 2003 to 2007. The case was prosecuted by the Health Fraud Division of the Los Angeles District Attorney's Office.

The fraud alleged here was more complicated than simple identity theft. Mr. Wilson's job authorized him to access to the hospital's electronic medical record system, and gave him access to patients who had workers' compensation claims. Then Mr. Wilson allegedly set up a fake laboratory company and used the information from patient files to bill workers' compensation insurers.

Wilson was charged with using the information of 12 patients, all of them L.A. Unified School District employees who had filed workers' compensation claims, to bill insurance firms more than $1.3 million for treatment that was never provided. This netted Wilson $354,000 according to the L.A. District Attorney's Office. The affected companies include: Sedgwick CMS, Specialty Risk Services, Continental Casualty Co., Liberty Mutual, Southern California Regional Management, Travelers and Zurich Insurance

When a search warrant was conducted on Mr. Wilson's home, information from more than 1,000 patients was found. In December 2008, Cedars sent letters to these patients, warning them that their information had been found during the search of his home.

At the sentencing, Superior Court Judge Samuel Mayerson also ordered Wilson to pay $354,000 in restitution to the school district, which paid for treatment employees never received, and $62,000 in back taxes and penalties to the state Franchise Tax Board, authorities said.

For recent article in Los Angeles Times, see:http://www.latimes.com/news/local/la-me-cedars16-2009jun16,0,5460110.story

Attorney Commentary: These type of thefts of patient information by employees are more common than one realizes. We have seen numerous cases where low-paid medical clerks have taken copies of Medi-Cal and Medicare cards and drivers' licenses or other I.D. from medical offices and sold them. There is a market for this patient information. With Medi-Cal, for example, patients do not receive explanation of benefits (EOBs) and thus would have no idea that their card is being used to bill for services not provided.

On January 1, 2009, the state passed laws (resulting in amendments to Civil Code Section 56.36 and adding Health & Safety Code Section 130200) that significantly increased the fines not only for the illegal use of medical records but also for unauthorized access of records. The law also opened the door for patients to sue physicians and medical facilities for not adequately protecting medical records. Any violation of Civil Code Section 56.36 is also punishable as a misdemeanor.

It is therefore important for health care providers to protect patient information and have a privacy and compliance plan to address the access to patient records and information. The potential financial penalties and other remedies are significant and should encourage providers to take reasonable steps to safeguard patient records and their confidentiality.

Any questions or comments should be directed to: tgreen@greenassoc.com. Tracy Green is a principal at Green and Associates, Attorneys at Law, in Los Angeles, California. They focus their practice on the representation of licensed professionals and businesses in civil, business, administrative and criminal proceedings, with a specialty in health care providers.