Prosecutors suspect a registered nurse working at several hospitals through a nurse staffing agencies improperly accessed patient files to steal Social Security numbers and other sensitive information, and opened credit cards in patients' names to make purchases.
Cannon Tubb, 30, who recently lived in Denver, was arrested on a fugitive warrant in his native state of Texas on May 31.
Adams County prosecutors have filed 90 charges including attempted theft, identity theft and theft of medical records. The charges are tied to Tubb's work at Platte Valley Medical Center in Brighton and St. Anthony North in Westminster, a Centura Health-owned facility. Tubb also worked at two additional Centura hospitals, St. Anthony Central in Denver and Porter Adventist Hospital in Englewood. Court documents indicate Boulder Police are also investigating Tubb, but a police spokeswoman declined to say which hospital is involved.
Tubb worked for a now-defunct nurse staffing agency that placed him at different hospitals in the area.
An alleged victim named in court filings, Will Pierce, a school administrator from Brighton, spoke with 9Wants to Know investigator Kyle Clark.
"It's a real humbling feeling to have something taken from you and not have any control over it," Pierce said. "Every day you wake up nervous."
Court documents filed by prosecutors allege that, in December 2010, Tubb accessed Pierce's patient record from a brief visit to Platte Valley Medical Center in Brighton in 2008.
Pierce was treated for a wrist injury and estimates he was at the hospital for less than an hour. It was enough time to leave a goldmine of personal information in the hospital's recordkeeping system.
"That's probably your most vulnerable time. You'll sign any paperwork you'll give any information you can in order to be healthy and feel safe," Pierce said.
Pierce told police he received a MasterCard, Walmart card and a Discovery card he never applied for. He also received information on a Sears credit card he didn't own and got a rejection letter for a Best Buy card he never had asked for. One of the cards already had a charge on it.
According to an affidavit filed by a Brighton Police detective, a human resources supervisor at Platte Valley confirmed that Tubb had viewed "several medical record files" and potential victims would be contacted but "the supervisor would not state how many medical records Cannon [Tubb] viewed."
"That doesn't seem right," Pierce said. "You're trusting them with all your information and your health at the time."
A Platte Valley spokesperson said Tuesday that the hospital had cooperated with authorities. She placed the number of affected patients at less than 100 and said they would be contacted by the hospital. Platte Valley repeatedly declined to make a hospital official available to answer questions from 9Wants To Know about the hospital's patient privacy and identity theft procedures and safeguards.
Likewise, Centura Health also repeatedly refused to make anyone available to discuss the security breach.
Centura released a statement that acknowledged the investigation but pointed to non-Centura facilities involved. The written statement said affected patients had been notified yet "few" responded with serious concerns. Additionally, Centura's statement highlighted what it called its "already-robust safeguards and procedures related to patient information."
Centura did not respond to several requests for answers to specific questions Tuesday.
Authorities allege Tubb stole the identity of a man visiting from Oklahoma who sought care at St. Anthony North, using a hospital computer to open a Best Buy credit card and purchase a laptop computer and a camera. A Best Buy staffer alerted the patient, then at home in Oklahoma, when someone with a different name attempted to pick up the items, an affidavit alleges.
Court filings say Centura informed investigators of 123 improperly accessed patient medical files and said it would inform affected patients.
Tubb holds a medical license from Texas, which participates in a compact with Colorado, allowing nurses with a license in one state to work another. In 2009, he was formally charged with improperly using blank prescription forms for his own use. Because his alleged misconduct did not rise to the level that would prompt automatic action, it did not appear in a national database until January 2011 when Texas regulators suspended his license. By that time, Colorado authorities allege, he had already committed more than 90 felonies in this state.
The Colorado regulatory agency that tracks bad behavior by nurses to protect the public and alert other hospitals was not told of the recent allegations of wrongdoing in the Denver area.
Kennetha Julien, program director of the Colorado Board of Nursing, told 9Wants to Know investigator Kyle Clark that Tubb has a pending application for a Colorado nursing license.
"Could this have an impact on his application here in Colorado?" Clark asked Julien.
"Now that we're made aware of it, yes, it could," Julien said.
"No one had told you about it? None of the hospitals?" Clark asked.
"No," Julien replied.
"Should one of the hospitals just given you a heads up?" Clark asked.
"Ideally, in a perfect world, yeah," Julien said.
Pierce hopes the hospitals involved will strengthen their information security procedures to protect against identity theft.
"It's one of the cruelest crimes you can have. I would have much rather been beat up robbed stolen at gunpoint then have this kind of crime," Pierce said. "You can't see the perpetrator, you can't see them coming, but every day there's evidence they're robbing you."
If you have information about Tubb or the hospitals mentioned in this story, please contact 9Wants to Know investigator Kyle Clark at firstname.lastname@example.org or by calling 303-500-2937.
(KUSA-TV © 2011 Multimedia Holdings Corporation)