Indictment Alleges HIPAA ViolationsEx-Employee Charged with Providing Info for False Tax Returns
Paul Pepala of Monroeville, Pa., who formerly worked at the UPMC Shadyside Hospital, Pittsburgh, is charged in a 14-count indictment with accessing patient names, birth dates and Social Security numbers and disclosing them to others for personal gain in violation of HIPAA, according to U.S. Attorney's Office for the Western District of Pennsylvania. Pepala also was charged with violating the Social Security Act by disclosing Social Security numbers to others.
"The information was used to file false tax returns in 2008," according to the U.S. Attorney's office.
If convicted, Pepala faces a maximum total sentence of 80 years in prison, a fine of $4.73 million or both.
Rare CasePrison terms for HIPAA violations are rare. In April, a former UCLA Healthcare System surgeon became the first defendant in the nation to receive a prison sentence for a HIPAA privacy violation.
Huping Zhou of Los Angeles was sentenced to four months in prison after admitting he illegally read private electronic medical records of celebrities and others, according to the U.S. attorney's office for the central district of California.
Zhou pleaded guilty in January to four misdemeanor counts of violating the HIPAA privacy rule. He admitted obtaining individually identifiable health information without a valid reason.
That case dated back to 2003, when Zhou, a licensed cardiothoracic surgeon, received notice that he was being dismissed from his job. On the day he received the notice, Zhou accessed and read his immediate supervisor's medical records and those of other co-workers, according to prosecutors. For three weeks, he continued illegally accessing patient records, including those of celebrities, accessing the patient records system 232 times.