Healthcare News & Insights

Hospital employee sells patients’ protected health information

Another hospital employee has been caught selling patients’ protected health information (PHI) to supplement her salary.

Laurie Napper, a former medical technician at Howard University Hospital in Washington, D.C., pled guilty to federal charges of wrongful disclosure of patients’ individually identifiable health information and selling blank prescription forms, announced U.S. Attorney Ronald Machen, Jr., and James McJunkin, assistant director in charge of the FBI’s Washington field office.

Napper worked in the general surgery department, which gave her access to patients’ PHI and hospital prescription pads.

The scheme

From August 2010 through December 2011, Napper obtained the records of multiple hospital patients on at least three different occasions. She then sold the names, addresses, dates of birth and Medicare numbers to another person, along with blank hospital prescription forms. Napper received approximately $500 to $800 in cash for each of the transactions.

In total, Napper sold about 40 Howard University Hospital patient names and information to the person, and she received approximately $2,100 in cash in return.

After receiving the prescription pads and patient information from Napper, the other person involved in the scam forged prescriptions for oxycodone. The person then presented the forged prescriptions to pharmacies in the Washington, D.C., metropolitan area and provided Napper’s telephone number at Howard University Hospital for verification. When the pharmacists called Napper, she confirmed the prescriptions and the pharmacists filled them.

“Healthcare providers have an obligation to closely guard their patients’ confidentiality,” said Machen, in a U.S. Department of Justice press release. “Patients deserve to have their personal information kept private, not sold for cash in a scheme to forge prescriptions for painkillers. This felony conviction confirms that private patient information is a trust to be protected, not a commodity to be sold to the highest bidder.”

HIPAA violation

The wrongful disclosure of patients’ individually identifiable health information is a HIPAA violation and can carry jail time and fines.

In this case, the judge sentenced Napper to three years of probation. She will spend the first six months of her sentence at a halfway house. After that, Napper will spend an additional six months on home confinement, able to leave only for work and other designated circumstances.

In addition, Napper has to perform 100 hours of community service and pay a $2,100 fine.

“Cases like this demonstrate that drug distribution is not just on street corners, but can take place with an illegally obtained prescription pad and patient information,” said McJunkin in the release. “Today’s sentence sends a message that selling patient information and forged prescriptions for personal benefit is dangerous and illegal, and we will bring those who commit prescription drug fraud to justice.”

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.