Richard Gibson, 42, admitted that he obtained a cancer patient’s name, date of birth, and Social Security number while employed at the Seattle Cancer Care Alliance (SCCA), and disclosed this information to get four credit cards in the patient’s name, according to the plea agreement entered in ‘s US District Court, says a report in the Puget Sound Business Journal. According to John McKay, the attorney in Seattle, Gibson also admitted he used the cards to rack up more than $9,000 in debt, buying video games, jewelry, and other personal items, the government said. Gibson was fired shortly after the identity theft was discovered.
As part of the plea deal, Gibson could be sentenced to up to 16 months, the US Attorney’s Office said, and he also agreed to pay back the credit card companies and pay back the cancer patient. US District Court Judge Ricardo Martinez will determine whether to accept the plea agreement and decide Gibson’s sentence on November 5.
“To be a vulnerable cancer patient, fighting for your life, and having to cope with identity theft is just unconscionable,” said US Attorney John McKay, in a statement. “This case should serve as a reminder that misuse of patient information may result in criminal prosecution.”
HIPAA, signed into law on August 21, 1996, was intended to improve access to health insurance, increase protection of identifiable health information (referred to as protected health information or PHI), and reduce administrative costs in the health-care system. HIPAA applies to employer-sponsored benefit plans that meet the definition of “group health plans” under HIPAA-any group health plan that has 50 or more participants or is administered by an entity other than the plan sponsor (see “Tell” Tales ).