Saturday, January 23, 2016

Riverside Woman Convicted in Federal Court of Stealing Identities of Residents of Medical Facility in Long Beach. Reason Facilities Need Strong HIPAA and Privacy Procedures.

One of the reasons medical facilities should have strong HIPAA policies and procedures, as well as enforcement and training, is to prevent employees or third parties from taking medical information for other improper or illegal purposes.

Last week, Bridgette Jackson of Riverside, California was convicted in federal court after a jury trial on federal identity theft charges for possessing the identities of more than 50 patients of a residential medical facility in Long Beach formerly known as the Hillcrest Care Center. She was convicted of conspiring to possess more than 15 identities, possessing more than 15 identities, and aggravated identity theft.

Ms. Jackson’s aunt, who testified against her at the trial, was an employee at the Hillcrest Care Center and had access to all of the patient files. According to the testimony at trial, Ms. Jackson approached her aunt and asked for personal identifying information of patients. Ms. Jackson’s aunt copied or wrote down personal identifying information and provided it to Ms. Jackson on three separate occasions. 

Ms. Jackson then used that information to help others file false tax returns in the names of the patients and keep the refunds for themselves. When law enforcement executed a search warrant on Ms. Jackson’s residence, officers seized approximately 56 Hillcrest medical records, along with almost 70 other identity profiles, which included names, social security numbers, and dates of birth of individuals other than Ms. Jackson. Law enforcement also seized over 50 prepaid debit cards in names of people other than Jackson.

After the jury verdict was reached, United States District Judge Manuel L. Real scheduled a sentencing hearing for March 7. At that time, Jackson will face a mandatory minimum sentence of two years in federal prison and a statutory maximum sentence of 17 years.   In an unrelated case, Ms. Jackson pled guilty last year to conspiring to commit credit card fraud in the United States District Court in Riverside and faces up to five years when she is sentenced in that case on March 28.

Attorney Commentary:  The black market for patient identity exists. Low paid clerical or medical workers can be susceptible to third parties (here a family member) seeking information. In addition, health care facilities' computer systems are now being targeted. Having a HIPAA audit and compliance is key so the facility does not face civil liability by the patients or OIG fines for the HIPAA violations.

Posted by Tracy Green, Esq.
Work: 213-233-2260


DISCLAIMER: Green & Associates' articles and blog postings are prepared as a service to the public and are not intended to grant rights or impose obligations. Nothing in this website should be construed as legal advice. Green & Associates' articles and blog postings may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage readers to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents and contact their attorney for legal advice. The primary purpose of this website is not the commercial advertisement or promotion of a commercial product or service and this website is not an advertisement or solicitation. Anyone viewing this web site in a state where the web site fails to comply with all laws and ethical rules of that state, should disregard this web site.

The information provided on this website is for informational purposes only. It is not intended to create, and does not create, a lawyer-client relationship with Green & Associates, Attorneys at Law. Sending an e-mail to Tracy Green does not contractually obligate them to represent you as your lawyer, or create any type of client relationship. No attorney-client relationship will be formed absent a written engagement or retainer letter agreement signed by both Green & Associates and client and which specifies the scope of the engagement.

Please note that e-mail transmission is not secure unless it is encrypted. E-mail messages sent to Ms. Green should not include confidential or sensitive information.