Just weeks before a strict medical privacy law went into effect in California, another major privacy breach was uncovered at a large medical center there -- one that police say led to theft.

A former billing clerk at Cedars-Sinai Medical Center in Los Angeles was arrested in November 2008 and charged with stealing patient records and using the identities to steal from insurers.

James Allen Wilson, whose job authorized him to access to the hospital's electronic medical record system, allegedly set up a fake lab company then used stolen information from patient files to bill insurers. Investigators say the scheme netted Wilson at least $69,000, an amount expected to grow as the investigation continues.

Jane Robison, spokeswoman for the Los Angeles County District Attorney's office, said an insurer brought the alleged violations to the attention of investigators, who then alerted the hospital.

Investigators visited Wilson's home and found the records of more than 1,000 patients and actual workers' compensation claims, police said. The hospital sent letters to all patients involved alerting them to the scheme and advising them that it did not appear the stolen information was being used for anything besides the insurance fraud.

[...]