The Power in Your Pocket… To Steal PHI

Veriphyr proactively reports impermissible use of PHI the first time it happens. 

Bournemouth, UK

Eight Months of Photos of PHI

Daniel Storr is under investigation for bribing former coworker, Aden Embling. In return, Embling sent Storr photos of individuals’ protected health information (PHI).

Storr and Embling worked together at Health Online, a private health insurance company. After Storr left for Parkway Financial Solutions, he tried to continue to use Health Online patients’ information to help sell life insurance. He offered payment to his former coworker for his cooperation.

Used for Sales, Yet Not Sold

Typically, life insurance premiums in the UK cost thousands of pounds. A salesman makes about fifteen percent of that in commission. In exchange for sending him photos of Health Online’s PHI, Storr allegedly offered Embling ten percent of his commission.

Between September of 2015 and April of 2016, Embling sent Storr photos of the PHI of 48 patients. The stolen data included names, addresses, dates of birth, and phone numbers.

In the end, no money traded hands, as Storr failed to sell to any of the individuals whose information he received.

An investigation found that Embling had impermissibly accessed the PHI of over 50 patients.

As Good As Gone

Taking out a phone and snapping a picture is easy and natural. Unfortunately for healthcare organizations, once someone has taken a picture of PHI on their phone, it is as good as gone.

Most impermissible use detection software detects when PHI is printed, sent, or stored on a USB. Veriphyr, however, detects when patient data is impermissibly accessed the first time.

 

Brooklyn, NY

Not His Job

Orlando Jemmott, 52, worked in the emergency room of the Kings County Hospital where he stole and sold patients’ protected health information. His job was to input patient demographic information and record their reported symptoms into the hospitals’ computer system.

It was not his job to sell the information of 180 patients over WhatsApp, the encrypted messaging app.

Turned In

In June 2017, a woman gave Jemmott’s phone to the FBI, unsolicited. On it, they found that Jemmott had sent the names and phone numbers of 180 patients to a buyer in Pennsylvania. Further investigation found that Jemmott had impermissibly accessed the protected health information of 88 patients at the hospital.

He and the buyer have since been arrested.

 

Mountainview, California

Veriphyr Inc. uses advanced data analytics to detect impermissible access to patient data the first time it happens.

Detecting Snooping the First Time it Happens

Employee snooping is one of the leading causes of data breaches in the healthcare industry. Taking pictures of the PHI may have been the crime, but Embling looking at the records of patients he should not have been could have been a sufficient red flag.

Veriphyr’s analytics can be both a deterrent and provide an earlier warning when employees abuse access.

 

Source

(a) Daily Echo – September 4th, 2018

(b) NY Daily News – September 11, 2018