There are pretty stiff consequences for employees who use their access to protected health information for illegal means.

From ransomware to hackers, there is a lot of talk about breaches from the outside, but what about breaches from the inside?  Especially breaches from employees who purposefully disregard HIPAA.

On March 27, a local news station in Muskogee, Oklahoma, reported on the trial involving Robert Bond, where he pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft.

In June 2017, Robert Bond and Lane Miller were arrested after evidence linked them to several identity thefts that totaled upwards of $300,000.  During the investigation, law enforcement discovered that Lane Miller worked as a nurse at Mercy Health Love County Hospital and Clinic in Marietta, Oklahoma, until the beginning of 2017.  Miller then returned to the hospital later in 2017 to steal medical records and commit identity theft.  Robert Bond assisted him in this identity theft scheme.

On March 28, Lane Miller pleaded guilty to aggravated identity theft, which is punishable by up to two years imprisonment and a $250,000 fine.  Robert Bond faces 20 or more years in prison.

In another case of stolen medical records, the accused individual could be fined $250,000. Shaniece Borney, a former employee of NHC Health Care, pleaded guilty in March 2018 of credit-card fraud.  Borney used her access at the nursing home in 2016 and 2017 to steal credit-card information and used that information to purchase apparel and other items for her family and herself. Borney now faces 10 years in prison and a $250,000 fine.

These are just a couple examples of what might happen to employees who willfully ignore HIPAA and use their access for illegal means.

Join HIPAAgps to learn how you can help protect your organization from insider threats.