Two medical office workers in south Florida have been indicted on HIPAA violations and related charges for their alleged roles in an identity theft ring that used stolen patient information to access to their bank and credit card accounts, federal prosecutors said.
According to the indictment, defendants Erica Hall, 27, and Sharelle Finnie, 22, worked as office assistants at two separate medical offices in Coral Springs and Fort Lauderdale, respectively. The pair allegedly swiped patient information, including names, dates of birth, social security numbers, and other medical information, and sold it to co-conspirators. If convicted of the HIPAA violations, Hall and Finnie each face a maximum statutory term of 10 years in prison, federal prosecutors said.
Ten other alleged members of the theft ring – all Florida residents -- also were indicted on bank fraud, identity theft, and related charges, including:
- Jasmin Rembert, 33, of Miramar;
- Rufus Bethea, 30, of Hollywood;
- Bianca Cook, 21, of Lauderhill;
- Courtney Gissendanner, 28, of Hollywood;
- Brandi Johnson, 39, of Miramar;
- Demarcus Hough, 30, of Ft. Lauderdale;
- Darren Baldwin, 43, of Ft. Lauderdale;
- Aaron Hough, 30, of Hollywood;
- Minnie Powell, 49, of Pembroke Pines;
- Eloise Sermons, 24, of West Park
Sermons, Cook, and Hough remain at large.
Gissendanner was identified by prosecutors as the alleged ringleader. He would use the stolen information to illegally add himself and others as “authorized users” on the victims’ credit card and bank accounts. The defendants then used the stolen personal identification information to empty their bank accounts and run up credit card charges as high as $128,000 in one case.
Prosecutors said Rembert worked at the Broward County School Board in the teacher certification department, where she had access to – and allegedly stole and sold -- sensitive personal identification information from teacher certification databases.
If convicted of conspiracy to commit bank fraud, the defendants each face a maximum statutory term of 30 years’ imprisonment. If convicted of conspiracy to commit access device and identity theft, the defendants each face a maximum statutory term of five years’ imprisonment. If convicted of the substantive counts of access device fraud, the defendants each face a maximum statutory term of 10 years’ imprisonment.
John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.