Jean Baptiste Alvarez was found guilty of federal charges of conspiracy to defraud the United States with respect to false claims, misuse of a Social Security number, aggravated identity theft, and aiding or assisting in the preparation of false federal income tax returns. Alvarez was accused of stealing census sheets containing patient names, SSNs and DOBs from his employer, the Kirkbride Center, a behavioral health facility where Alvarez worked as a mental health tech. Alvarez sold the census sheets for $1,000 per sheet. The stolen information was then used to file fraudulent tax returns and obtain refunds, yielding, on average, $1,500 per refund. Due to the vulnerable nature of the victims, who struggled with mental health issues and drug addiction, Alvarez was sentenced to 5 years in prison and ordered to pay $266,985 restitution.
It is challenging, and sometimes impossible, for providers to prevent HIPAA breaches caused by determined criminals. However, providers should keep in mind that 29.7% of data breaches in the healthcare industry are caused by insiders. Almost 1/3 of data breaches come from within our own walls.