Pennsylvania Attorney General Michelle Henry announced on July 11, 2023, that a Philadelphia area medical assistant has pleaded guilty to 11 felony counts for stealing information from patient records to fraudulently open credit cards, purchase items, and lease an apartment. The medical assistant will serve two to five years in state prison, followed by two years of probation, in accordance with a plea agreement. She was ordered to pay more than $31,000 in restitution and agreed to relinquish her medical assistant license.
An investigation by the Office of Attorney General found that the medical assistant used her cell phone to take photos of patient information forms and licenses while working at clinics in Montgomery County. She then used the information to open credit cards and make purchases — including more than $30,000 in orders from online furniture retailer, Wayfair. She also rented an apartment — making a move-in payment and monthly rent — in the name of a patient, who was unaware until contacted by authorities.
“The defendant was a licensed medical professional trusted to care for and protect her patients. She broke that trust by stealing their information and bankrolling her own personal spending spree,” said Attorney General Henry. “This state prison sentence shows the egregiousness of the defendant’s conduct and crimes. My office is dedicated to investigating and prosecuting individuals who steal personal information from others for their own financial benefit.”
Compliance Perspective
Issue
It is the responsibility of every facility to take the required precautions in keeping residents’ personal information as confidential as possible, to protect residents from financial abuse and exploitation. Facilities should ensure that patient information is only being accessed when it is necessary for medical or billing purposes. As identity theft rises across the country, it is important that facilities protect residents’ personal information, while keeping in mind that residents are more likely not to know that they have been a victim of identity theft.
Discussion Points
- Review your policies and procedures on protecting residents’ personal information and preventing financial abuse and exploitation. Update your policies if needed.
- Train all staff who have access to residents’ personal information on your policies and procedures for protecting residents’ personal information. Train all staff on your policies and procedures for preventing financial abuse and exploitation. Document that these trainings occurred, and file the signed document in each employee’s education file.
- Periodically audit to ensure that staff who have access to residents’ personal information are aware of the proper procedures to follow to prevent personal information exposure. Also, periodically audit staff to ensure that they are aware of what constitutes financial abuse and exploitation, and that they know what to do if they suspect financial abuse or exploitation is occurring.
*This news alert has been prepared by Med-Net Concepts, LLC for informational purposes only and is not intended to provide legal advice.*
