Indictment Alleges HIPAA Violations

Ex-Employee Charged with Providing Info for False Tax Returns
A Pennsylvania man has been indicted for alleged HIPAA privacy violations stemming from accessing patient information that was then used to file false tax returns.

Paul Pepala of Monroeville, Pa., who formerly worked at the UPMC Shadyside Hospital, Pittsburgh, is charged in a 14-count indictment with accessing patient names, birth dates and Social Security numbers and disclosing them to others for personal gain in violation of HIPAA, according to the U.S. Attorney's Office for the Western District of Pennsylvania. Pepala also was charged with violating the Social Security Act by disclosing Social Security numbers to others.

"The information was used to file false tax returns in 2008," according to the U.S. Attorney's office.

If convicted, Pepala faces a maximum total sentence of 80 years in prison, a fine of $4.73 million or both.

Rare Case

Prison terms for HIPAA violations are rare. In April, a former UCLA Healthcare System surgeon became the first defendant in the nation to receive a prison sentence for a HIPAA privacy violation.

Huping Zhou of Los Angeles was sentenced to four months in prison after admitting he illegally read private electronic medical records of celebrities and others, according to the U.S. Attorney's Office for the Central District of California.

Zhou pleaded guilty in January to four misdemeanor counts of violating the HIPAA privacy rule. He admitted obtaining individually identifiable health information without a valid reason.

That case dated back to 2003, when Zhou, a licensed cardiothoracic surgeon, received notice that he was being dismissed from his job. On the day he received the notice, Zhou accessed and read his immediate supervisor's medical records and those of other co-workers, according to prosecutors. For three weeks, he continued illegally accessing patient records, including those of celebrities, accessing the patient records system 232 times.

Tougher penalties for violating the HIPAA privacy and security rules, as called for under the HITECH Act, are spelled out under proposed HIPAA modifications.

About the Author

Howard Anderson


Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
