Records sold for profit in Florida hospital scheme

The FBI has arrested a former employee of Florida Hospital's Celebration Health in Celebration, charging him with accessing 760,000 emergency department (ED) records over two years and selling some of them to someone who solicited for attorneys and chiropractors.

According to coverage by WFTV in Orlando, the FBI conducted a 10-month investigation and now alleges that Dale Munroe, who registered patients in the ED, primarily accessed records of patients who were in an automobile accident from several hospitals across the state.

According to the complaint in U.S.A. v. Munroe, Munroe was arrested on Aug. 14. The supporting affidavit details how Munroe used his computer access at the Celebration location to quickly scroll through ED patients’ records to identify those who had been involved in car accidents. The hospital’s network also enabled him to access the same type of records for ED patients at all other Florida Hospital locations.

From late 2009 through mid-2011, Munroe reportedly viewed 763,000 patients’ ED records on a summary screen that displayed 10 patients’ records per screen. Of those 763,000 patients, more than 12,000 patients’ records were viewed for longer than one second, involved a motor vehicle accident, and/or resulted in the access of additional files. Florida Hospital notified these patients last year. Many patients reported that within days after being seen in the ED, they received solicitation calls asking if they needed a referral to a lawyer or chiropractor.

According to the complaint, Munroe provided information to “S.K.,” who allegedly paid him and his wife approximately $10,000 for the information provided. S.K. allegedly then conveyed that information to other(s) who solicited patients for lawyers and chiropractors. The complaint said that S.K. may be part of an insurance fraud ring involving staged accidents.

Munroe was fired in July 2011 after the hospital discovered he improperly accessed the file of a physician who had been killed. After his termination, his wife and a co-worker continued accessing patient records. Their role was discovered in August 2011 after an employee received a solicitation call and contacted the hospital to report the leak. The hospital audited access to the relevant records, fired Munroe’s wife and co-worker, and began a more extensive audit of access to ED patient data. The facility then uncovered Munroe’s activities.

Munroe has been charged with violation of 42 U.S.C. 1320. So far, no one else has been charged in the case. Munroe is due back in court on Sept. 14.

The hospital has not posted a statement on the case on its website and, according to WFTV, the local authorities of Osceola County said they were not able to make arrests because the hospital did not cooperate with the investigation, citing federal HIPPA laws.