California Snoopin', Cedars Sinai version: Less an identity theft or tabloid trash story, this time a hospital employee stole patient identifier information and used it to bill insurance companies for phony lab charges for those patients. Also different from earlier California Snoopin' problems, the original access by the employee in this case was legitimate (he worked in the billing department); he wasn't snoopin' where he shouldn't've been. And it doesn't look like he used the data to set up bogus credit card accounts. But his extracurricular activities did involve using the identities to construct bogus lab billings, which were submitted to insurance companies along with a request for payment.
As usual, the PHI misuse is unrelated to the the medical facts in the PHI; the value in stealing PHI isn't the healthcare part of the information, it's the identity and financial information.