A Birmingham woman was arrested by U.S. Postal Inspection Service authorities and charged Thursday with felony theft of five years' worth of medical information for thousands of patients treated at Trinity Medical Center, formerly Montclair Baptist Medical Center, in Birmingham, AL.
In a statement on its website, Trinity officials said that "during the last week of March 2011, surgery schedules were stolen from a closed patient registration area. These documents were recovered during an investigation of mail theft by the U.S. Postal Inspector during the first week of April 2011."
Patients whose records may have been stolen were sent a letter "personally notifying you of this event and offering free credit monitoring," the Trinity notice said.
Data security of has taken on a growing national importance as federal officials last month now count more than 265 breaches involving private health information affecting more than 500 individuals, according to the Office of Civil Rights.
In recent weeks, officials have been reporting about one a day, including an incident last month involving Spartansburg Regional Medical Center in South Carolina in which a laptop computer belonging to a hospital employee was allegedly stolen from his car. The laptop reportedly contained personal and medical billing information, according to an article in the Herald-Journal.
In the Trinity Medical Center case, Tony Robinson, an inspector with the Birmingham Post office, said in a telephone conversation on Friday that the files were actually recovered by the Alabaster Police Department, "which serves a small community south of Birmingham that had served a search warrant on the defendant."
He identified the patient as Chelsea Catherine Stewart. Robinson said that Stewart is accused of stealing information from the medical center, not from the mails, but that the Postal Service became involved because of the potential for the use of mails to engage in criminal activity.
Stewart was charged with a violation of the Health Insurance Portability and Accountability Act. It is unclear whether she ever used the stolen information for gain.
According to an account in the Birmingham News, Stewart took the records from the hospital while visiting a patient there.
According to the Trinity statement, the hospital "is helping affected patients take steps to protect themselves against any possible misuse of their financial information." Also, it said, the hospital is increasing security by changing access to the registration area of the involved department.
A statement from the Office of Inspector General and the U.S. Attorney's Office are forthcoming, Robinson said.