3 Swedish patients say IDs stolen at Ballard campus; worker fired

Swedish Medical Center is warning 1,100 patients of its Ballard campus to watch for suspicious activity on their credit reports because an employee has been fired for allegedly using three patients' personal information to open credit-card accounts in their names.

On Monday, Swedish mailed letters to all patients who were hospitalized or had day surgeries at the Ballard campus between June 22 and Sept. 21, the day the woman was fired.

Swedish spokeswoman Melissa Tizon said the hospital does not believe there are more than three victims, but nonetheless is offering a free credit-monitoring service to reassure patients.

The employee apparently took names, birthdates and Social Security numbers from the paper files of the three patients. In one case, according to a Seattle police report, she used one of those identities to apply for 10 charge cards from retailers ranging from Banana Republic and Zales jewelry store to Wal-Mart. At least one order, from J.C. Penney, was reportedly delivered to the woman's home in Des Moines.

Swedish declined to name the former employee, except to say that she was a support-services worker who had permission to access patient records. She had been employed by the hospital for fewer than three years. The alleged identity thefts surfaced in early September after the three patients — who were hospitalized between Aug. 21-30 — separately contacted Swedish.

The Seattle police fraud and forgery unit is investigating. No charges have been filed.

Beth Givens, director of Privacy Rights Clearinghouse, a San Diego consumer group, said hospitals should better guard patients' personal data. For example, Givens said, they should not use Social Security numbers for identification because they are basically master keys for credit-card fraud.

"Name, Social Security number and date of birth is plenty for identity theft," Givens said.

Tizon said it stopped using Social Security numbers for new patients in April. But current Swedish patients won't get new identification numbers until next month. Swedish is switching to electronic patient records next year. Social Security numbers will be kept electronically, but will be accessible to employees on a need-to-know basis, said Steve Case, Swedish's security manager.

In 2002, Seattle's Regence BlueShield misrouted almost 3,000 benefits statements containing Social Security numbers and descriptions of medical services to wrong members' homes. Regence reprogrammed its computers the following year to omit Social Security numbers from benefits statements.

Kyung Song: 206-464-2423 or ksong@seattletimes.com