Thursday, Feb. 10, 2011 | 2 a.m.
- Man pleads guilty to disclosing UMC patient records for personal gain (2-1-2011)
- Allstate suit alleges network of medical care fraud (12-21-2010)
- Man indicted in probe of UMC privacy leak (4-28-2010)
- Source may hold key in solving UMC patient data leak (3-8-2010)
- Another UMC breach surfaces with theft of computer hard drives (3-5-2010)
- UMC: Patient info leaks likely date back to July (1-25-2010)
- UMC faces criticism from within medical field (12-23-2009)
- UMC suspends 6 staff members pending investigation(12-11-2009)
- At UMC, audits show privacy lapses are not new(11-24-2009)
- FBI looking at UMC records leak(11-21-2009)
- Hospital privacy leak could harm patients(11-20-2009)
One key question remained after a man recently pleaded guilty to illegally obtaining private patient information from University Medical Center: Who was the hospital employee who conspired to sell the information?
Richard Charette, who managed a law firm, faces five years in prison and a $250,000 fine after pleading guilty Jan. 28 to obtaining the information to recruit traffic accident patients for attorneys and doctors.
Charette’s guilty plea is the result of an FBI investigation that was sparked by a November 2009 Las Vegas Sun story. The Sun found that someone at UMC was violating federal law — the Health Insurance Portability and Accountability Act, better known as HIPAA — by leaking private information that patients provided during treatment.
But Charette’s plea agreement with the U.S. attorney only provided the title of the UMC employee who sold the information: manager of the Trauma Resuscitation Department.
That man is Daniel Petcavage, who had been considered a model employee at UMC before the scandal. Petcavage started at UMC in 1999, first as a charge nurse and then moved into the managerial role, for which his annual salary was $90,000.
In April, with the FBI investigation in full swing, Petcavage abruptly resigned, saying he had a job in another state.
“I think he realized they had a case against him,” said Kathy Silver, CEO of the hospital.
According to the investigation, Charette paid Petcavage for each patient who retained an attorney or chiropractor, a total of $9,200. The plea agreement said the scheme took place from July 31 to Nov. 19, 2009 — the day the Sun called UMC about the breach.
The Sun reached Petcavage by phone at his Las Vegas home, and he denied any involvement.
But the Nevada State Board of Nursing’s disciplinary documents tell a different story. On Nov. 5, Petcavage signed an agreement in which he “freely admits” that he was convicted Sept. 30 of conspiracy to illegally disclose personal health information, a felony, placed on criminal probation for three years and ordered to make $10,000 restitution for the money he obtained to the University Medical Center Charitable Foundation. His nursing license was put on probation for three years, and he was required to be supervised by another nurse and undergo remedial training in ethics and critical thinking, the document said.
People who worked with Petcavage at UMC told the Sun he won employee awards and was admired for his positive attitude and commitment to the trauma department.
Silver said hospital employees have been deeply wounded by the betrayal of a colleague who would undermine their trust with patients.
“Patients come here, and they put their trust in us,” Silver said. “It’s sacred.”
Silver had heard rumors of the leak in summer 2009 and performed a cursory investigation, but dismissed it as a nonissue.
Meanwhile, a source notified the Sun of the leaked information. When the Sun asked the source to verify the problem, the person handed over an envelope. Inside were 21 UMC “face sheets” — the registration papers that contain personal information about each patient, including birth dates, Social Security numbers, injuries and the circumstances of each auto accident.
There was indeed a leak at UMC.
The Sun sent samples of the face sheets to UMC to confirm their authenticity, and they played a crucial role in the FBI investigation, Silver said. The hospital and investigators could tell from the Sun’s copies of the face sheets that the records had been modified in the trauma department. For example, initial face sheets may use shorthand or have fewer details when a patient arrives in trauma, but then they’re filled out more thoroughly later, Silver said. The leak was in the trauma department.
The FBI brought up Charette’s name, a UMC official said. He had been a volunteer in the hospital since 1999 and worked in the trauma department. On his application, he states that he wanted to volunteer “to help others” and that he was self-employed. Under specialized training he lists, “helicopter pilot.”
Agents searched the history of Charette’s fax machine and found that he had received at least 55 face sheets from UMC. They were traced to the fax machine in Petcavage’s office, a hospital official said.
The Sun asked the source who provided the face sheets how he obtained them. He said he got them from somebody else, but he didn’t know the original source.
According to a federal racketeering lawsuit filed by Allstate Insurance Co., Charette was part of a network of doctors, chiropractors, marketers, attorneys, ambulance and tow-truck drivers who fraudulently arranged for accident victims to be treated for unnecessary care from 2004 through this year — with Allstate and other insurers footing the bill.