Identity Theft And UCLA

Posted on: November 5, 2008 at 12:34 p.m.

A former UCLA Medical Center employee has pleaded not guilty to charges that she sold information from Farrah Fawcett's medical records to a celebrity gossip tabloid.

The woman is charged with an identity theft related crime, specifically with illegally accessing Fawcett's medical file and selling information about the actress' cancer treatment for $4,600 to the National Enquirer. A state investigation found last month that UCLA hospital workers had inappropriately accessed records of 1,041 patients, including celebrities such as Britney Spears, since 2003.

Identity theft is a term used to refer to fraud that involves stealing money or getting other benefits by pretending to be someone else. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator's actions. In many countries specific laws make it a crime to use another person's identity for personal gain.

Identity thieves have become increasingly focused on stealing medical records--and have begun using better methods to get patient data, too. Medical records offer a rich trove of information for an identity thief, often including not only health insurance account numbers and billing addresses, but also dates of birth, Social Security numbers and even credit information. Given the richness of patient records, thieves may make more money stealing them than they would by going after credit card numbers or bank accounts directly. Worse, the thieves are getting more skilled at such thefts. While providers often encrypt their data, thieves often work with insiders who can help them break through these security measures. Concerned about this trend, California and Arkansas now require that consumers be notified when their medical data is accessed, and federal legislators are considering a measure instituting similar requirements.

California has enacted sweeping changes to an existing data-privacy law which specifies that residents must be notified if their electronic health data or health insurance information is breached. The measure, which expands on an existing notification law, adds unencrypted medical histories, information on mental or physical conditions and medical treatments and diagnoses to its list of protected data categories, as well as unencrypted insurance policy or subscriber numbers, applications, claims histories and appeals. Previously, it'd only covered financial information.

The law is sufficiently stringent that providers must notify patients if their name is attached to breached information--it doesn't even require that identity-theft-sensitive items like social security numbers are included in the data.

Tagged as: california criminal laws

Comments:

Farzad Mashhood on May 30, 2009 at 1:02 a.m. wrote:

Well, these people who abuse their duties at the hospital to get information about patients are just crooks. There should definitely be measures taken to prevent such occurrences as people's personal privacy can be stolen and crooks can use their personal information for their own gain. As for solutions to the problem, I think notifying patients every time their record is accessed is a good idea but seems a tad silly. I've had to try to get medical stuff for my parents taken care of several times, but because of these stringent regulations on who can access medical records, I've been unable to do so -- so the law has created an extra layer of red tape for doing ordinary things. However it still seems necessary to protect patients' identities to a great degree. Obviously, I'm sounding naive, but it just seems that this whole debacle of notifying you every time your medical records are accessed and not letting anyone other than you see your records can be avoided if people are simply not driven by bribes from tabloids or scamming innocent people. But that is neither here nor there. I do believe that the employee from the UCLA hospital should be held fully accountable for her actions. Such offenders who access patient records for non-medical reasons should be held criminally liable -- maybe not for id theft, but for something substantial. Repeat offenders should really be dealt with handily.

Phillip Huynh on November 15, 2008 at 2:31 p.m. wrote:

I agree that it is important that we protect people's identities because so many lives can be ruined from identity theft. The hospital should have a better system in place to protect information of there patients. I think that people that steal information for personal gain should be charge accordingly depending on the severity of the theft. Identity theft criminals should serve prison time because they are taking away someone else's life and hard earn money. The amount of prison time that I think they serve should depend on how much they stole and the affect of there criminal act. In the case of employees stealing information from the UCLA hospital, I think that this event could have been prevented by only allowing certain people to be able to get patients personal information. They should only allow employees that they did extensive background checks on to access such information. In addition, there should be a software program that can trace who access what on the hospital's computer system.

Brian Norcross on November 12, 2008 at 8:03 p.m. wrote:

I'm going to have to disagree with the person above me, I don't think there should be a case of varying degrees of severity for identity theft. If the person or persons accessing the records are doing so with the intent of stealing from or profiting from the records then the case should be pursued as a theft. In the Farrah Fawcett case there was an intent by the medical staff to use the information contained in private files for personal gain, and there should be no reason that this person not be charged with a crime of theft. I'm glad that California has branched out in this area of identity theft to notify people if their records are being accessed. This gives people the added security that they might feel that they need.

Tina Yi on November 12, 2008 at 5:24 a.m. wrote:

I think it's truly unfortunate what happened to Britney Spears and Farrah Fawcett. Just because they are celebrities does not mean that it's okay to pry through their records. They deserve just as much privacy and protection by the law. I am curious to know what hospital officials have been doing since Spears' case in protecting the privacy of celebrities, as this is the second time that this has happened at the UCLA Medical Center. In Fawcett's case, the hospital found that an employee who was not directly caring for the patient had access to her records numerous times. This is a violation of a federal patient privacy law called the Health Insurance Portability and Accountability Act, which went into effect in 2003. For something like this to happen is quite an embarrassment. How can an incident like this happen, not just once, but twice at a prestigious institution such as the UCLA Medical Center? Hospital officials need to place more caution when celebrities come to their hospitals, perhaps, putting cameras where the medical files are located? Shortly after doctors told Fawcett that her cancer had returned ? and before she even told her own son and closest friends, the 'Enquirer' posted the news on its website. Incidents like these show that more laws need to be in place that protect patients from curious and unethical employees and that hospital officials need to take more aggressive action in protecting the privacy of patients.

Nicole Forde on November 9, 2008 at 7:11 p.m. wrote:

While I don't advocate identity theft in any way, I do wonder if there are varying degrees and if some of those degrees can actually be defined as a crime. There exist obvious cases, such as those mentioned in the post above me, or use of information that directly affects the victim's economic well-being, but I'm not so sure this occurred in Farrah Fawcett's case. While privacy was breached in this case, I'm not sure the UCLA medical employee actually committed a crime worthy of litigation and punishment. I think dismissal from his/her job, seeing as how they couldn't comply with the privacy protocol, would have been sufficient. Perhaps I don't know enough about the details relevant to the severity of the information sold, but if it just pertained to treatment and progress of the cancer the only result might have been emotional harm. Fawcett could have then sued on these grounds, but I just don't see how identity theft was the appropriate term to deem this 'crime.'

Jessica Simanian on November 6, 2008 at 2:39 p.m. wrote:

It is very frightening to hear about Medical employees giving out confidential information regarding patients for money, or any other reason. Especially with today's advanced technology information and easily be more readily available for these people to take it. In Farrah Fawcett's case, it is unfortunate that someone would stoop to reveal her medical information for money, however there are other types of identity theft that go unheard of that could be much worse, wuch as credit card fraud or someone using another's driver's license, ID, or social security number, and with this information can ruin peoples' lives by using their government benefits, counterfeit checks and tkaing their money. There are professionals who know how to beat the system and they can take your name and use it to get a job and medical services. Taking measures against 'identity theft' can be difficult to do. Someone can file a police report but it may not be enough since it can take a long time for them to find out what happened and who it is, and the effects can be difficult to fix long term. It's a scary thing, and one more that we have to worry about, but I think people should be aware with all their information and be extremely careful with who sees it and can have access. The number should be as limited as possible, and still even then we can't be sure something won't go wrong.

Kestenbaum Eisner & Gorin LLP has been recognized as one of the best U.S. law firms, based on the experience, professionalism, and ethics of its criminal defense lawyers and attorneys. We aggressively defend clients in all Southern California courtrooms on state and federal charges, including DUI, DMV, misdemeanor, felony, juvenile cases, in the following communities and courthouses.

Los Angeles County, CA: Agoura, Altadena, Alhambra, Bellflower, Beverly Hills, Burbank, Calabasas, Century City, Chatsworth, Compton, Culver City, Diamond Bar, Downey, Downtown Criminal Court, El Segundo, East Los Angeles, Eastlake, Encino, El Monte, Glendale, Glendora, Hermosa Beach, Hidden Hills, Hollywood, Huntington Park, Inglewood, Los Angeles Lawyer, La Canada, LAX Court, Los Padrinos, Long Beach, Los Angeles Attorney, Malibu, Manhattan Beach, Marina Del Rey, Newhall, Norwalk, Palos Verdes, Pasadena, Pomona, Rancho Palos Verdes, Redondo Beach, Rolling Hills, San Dimas, San Fernando, San Marino, San Pedro, Santa Clarita, Sherman Oaks, Sierra Madre, Santa Monica, South Gate, South Pasadena, Sylmar, Torrance, Universal City, Valencia, Van Nuys, West Covina, West Hollywood, Walnut, Westchester, West Hollywood, Westlake Village, Whittier, Woodland Hills, California. Orange County, CA: Anaheim, Anaheim Hills, Buena Park, Costa Mesa, Fullerton, Garden Grove, Huntington Beach, Irvine Attorney, Laguna Beach, Laguna Hills, Laguna Niguel, La Habra, La Palma, Mission Viejo, Newport Beach, Orange, Orange County Lawyer, Rancho Santa Margarita, San Clemente, San Juan Capistrano, Santa Ana, Seal Beach, Tustin, Villa Park, Westminster, Yorba Linda, California. Ventura County, CA: Camarillo, Moorpark, Oxnard, San Buenaventura, Simi Valley, Thousand Oaks, Westlake Village. San Bernardino County, CA: Ontario, Rancho Cucamonga, Upland.

Prior Criminal Law Posts

Identity Theft And UCLA

Comments:

Add your comment!

Firm Fan Page & News

Our Criminal Defense Partners

Criminal Defense Resources

Prior Criminal Law Posts