TRENDING:

Indictment Alleges HIPAA Violations

Ex-Employee Charged with Providing Info for False Tax Returns Howard Anderson (ismg_editor) • September 20, 2010    
Indictment Alleges HIPAA Violations
A Pennsylvania man has been indicted for alleged HIPAA privacy violations stemming from accessing patient information that was then used to file false tax returns.

Paul Pepala of Monroeville, Pa., who formerly worked at the UPMC Shadyside Hospital, Pittsburgh, is charged in a 14-count indictment with accessing patient names, birth dates and Social Security numbers and disclosing them to others for personal gain in violation of HIPAA, according to U.S. Attorney's Office for the Western District of Pennsylvania. Pepala also was charged with violating the Social Security Act by disclosing Social Security numbers to others.

"The information was used to file false tax returns in 2008," according to the U.S. Attorney's office.

If convicted, Pepala faces a maximum total sentence of 80 years in prison, a fine of $4.73 million or both.

Rare Case

Prison terms for HIPAA violations are rare. In April, a former UCLA Healthcare System surgeon became the first defendant in the nation to receive a prison sentence for a HIPAA privacy violation.

Huping Zhou of Los Angeles was sentenced to four months in prison after admitting he illegally read private electronic medical records of celebrities and others, according to the U.S. attorney's office for the central district of California.

Zhou pleaded guilty in January to four misdemeanor counts of violating the HIPAA privacy rule. He admitted obtaining individually identifiable health information without a valid reason.

That case dated back to 2003, when Zhou, a licensed cardiothoracic surgeon, received notice that he was being dismissed from his job. On the day he received the notice, Zhou accessed and read his immediate supervisor's medical records and those of other co-workers, according to prosecutors. For three weeks, he continued illegally accessing patient records, including those of celebrities, accessing the patient records system 232 times.

Tougher penalties for violating the HIPAA privacy and security rules, as called for under the HITECH Act, are spelled out under proposed HIPAA modifications.

Previous
Tom Carper on Cybersec Bill's Prospects
Next
Still on the Hook for FISMA Compliance

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Good Governance: 'It's All Hygiene'
Good Governance: 'It's All Hygiene'
Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
AI in Healthcare: The Growing Promise - and Potential Risks
AI in Healthcare: The Growing Promise - and Potential Risks
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
Mapping the Unseen Vulnerabilities of Zombie APIs
Mapping the Unseen Vulnerabilities of Zombie APIs
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
How State Governments Can Regulate AI and Protect Privacy
How State Governments Can Regulate AI and Protect Privacy

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.