Criminal HIPAA Violation leads to Federal Investigation

by | Aug 13, 2014

Violations of HIPAA regulations, failures to ensure compliance and for accidentally causing the privacy of patients to be compromised will lead to healthcare organizations facing heavy fines. Criminal charges may also be filed if it can be proven that data was viewed or copied for personal profit or gain, as is the case with a former hospital member of staff from East Texas.

The Office of the Inspector General of the U.S. Department of Health and Human Services carried out an investigation on a former staff member of an East Texas hospital in conjunction with the U.S. Postal Inspection Services and found evidence of criminal activity.

The hospital employee is believed to have obtained Protected Health Information (PHI) while working at the hospital between December 1, 2012 and January 14, 2013. The individual has now been indicted for criminal violation of the Health Insurance Portability and Accountability Act and faces a charge of Wrongful Disclosure of Individually Identifiable Health Information.

The illegal theft or use of PHI for personal gain or to cause malicious damage is relatively rare, although there have been some notable cases over the past 10 years. The penalties are stiff for the offender and if proven guilty sentences of up to 10 years in jail can be ordered in along with financial penalties.

The incident serves as a warning to healthcare organizations to be aware of internal dangers to data security in addition to implementing measures to protect data against unlawful access by external third parties.

Internal data breaches are deemed HIPAA violations and the organization responsible for the staff member can also be held accountable for any data breach or theft. As part of HIPAA compliance audits access rights of staff to databases containing PHI must be reviewed and access restricted. A record or account of staff training on HIPAA compliance must also be kept and the obligations under HIPAA should be effectively communicated to all staff.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy