(San Jose, California) Last month, it was reported that a burglary of two computers from the San Jose Medical Group resulted in the loss of the names, addresses, Social Security numbers, and billing codes for as many as 185,000 patients. Besides the obvious crime of burglary, I commented that the perpetrators could be liable for penalties under the provisions of the federal Healthcare Insurance Portability and Accountability Act (HIPAA). Well, according to the San Francisco Chronicle, HIPAA penalties are probably the least of the concerns for the burglar.

A former branch manager at a San Jose medical group has been charged with stealing the confidential records of nearly 185,000 patients -- mostly South Bay residents, authorities reported.

The San Jose incident is one of the nation's largest cases of personal data theft, even bigger than the highly publicized case of ChoicePoint, in which the personal information of 145,000 people was sold to an identity theft ring posing as a legitimate business in September 2004.

The U.S. attorney's office charged Joseph Nathaniel Harris on Friday with stealing two computers and a compact disc that contained patient records from the San Jose Medical Group on March 28, according to a complaint filed in U.S. District Court in San Jose.

It seems that Harris has a history of being a thief who likes to steal computers. He is suspected of offering the stolen computers for sale on Craigslist. The San Jose Medical Group case broke after Harris was arrested in Campbell, California, on April 15 for auto theft and decided to barter his way to freedom by offering to tell the police about the missing medical data.

Companion post at Interested-Participant.