Fort Benning, Ga.-based Martin Army Community Hospital officials are alerting all patients who received care at the hospital from January 2011 to December 2013 of a possible HIPAA breach, according to the Ledger-Enquirer.
The breach was reportedly discovered after police notified the hospital of an identity theft scheme by an employee in the laboratory shipping section, according to the article.
The former employee was allegedly a member of a tax fraud ring that used sensitive information gathered from discarded lab specimen labels to file fraudulent tax returns with the IRS. The former employee allegedly acquired protected health information from the labels, including names, dates of birth and Social Security numbers. Officials are unsure of how many labels were taken and how much information was used, according to the article. The employee was terminated in January 2014 and is currently serving a prison sentence for the crime.
Law enforcement notified the hospital of the incident in January 2014. After investigating the breach, police officials claim the employee did not access protected information in the hospital's EHR.
Hospital officials mailed breach notification letters to all patients who received care between January and April 2013. The IRS has contacted those affected by the fraudulent tax filings, according to the article.