Hospital Worker Facing Criminal Charges for HIPAA Violations

Jul 17, 2014

Texan prosecutors recently filed an indictment in the Tyler District Court against Joshua Hippler, a 30-year-old former worker at an unnamed hospital in East Texas. Under the Health Insurance Portability and Accountability Act of 1996, individuals and covered bodies can face criminal charges for violations of HIPAA Privacy and Security Rules. The case was filed earlier in 2014, but it was sealed until July 3.

Mr Hippler is charged with one count of violations of HIPAA Rules after he stole medical records from the hospital where he was employed. According to a statement issued to Security Media Group, and reported on, a spokesperson for the Department of Justice stated, “We cannot comment on how many patient records, his job, employer or the nature of the violation in detail as this is an ongoing investigation.” She added, “The violation came to light when Hippler was arrested in Georgia and found to be in possession of patient records. Although criminal HIPAA charges are uncommon, our decision to charge Hippler is not based on any DOJ directive or crackdown.”

The case will begin on Sept 3, 2014, and if found guilty, Hippler could be issued with a penalty of $250,000 and could face up to 10 years in jail.

Even though criminal charges can be pressed, to date there have been few cases that have gone to court. Court cases are usually reserved for cases of medical or identity fraud, and in this case, while there may have been intent to sell, the information does not seem to have been disclosed to other individuals.

Most cases of improper disclosure of medical information involve no malicious intent, and many involve accidental disclosure of PHI. Many of these cases also involve multiple members of the workforce and arise out of a lack of training on HIPAA Privacy and Security Rules, with the institution itself responsible for the majority of cases for failing to provide training as required under the Security Rule administrative safeguards.

However, the value of healthcare data, coupled with poor security standards in many hospitals, is proving tempting for many workers, and each year there are numerous cases of improper accessing of medical records by hospital staff.

While a criminal case such as this cannot make up for a data breach, it does bring the matter to the attention of the media and sends a warning to healthcare workers that the theft of PHI will not be tolerated. Action can be, and is, taken against people who violate the privacy of patients by accessing or stealing their healthcare information and personal identifiers, and the sanctions for these actions can be severe.

This incident should also send a message to healthcare organizations that they must take patient privacy seriously and put in place policies and procedures to protect the data they hold on patients. Not only can criminal charges be sought against workers for snooping on patient data, but the organizations that these people work for could also face stiff financial penalties if it is found that they have not provided training on HIPAA Privacy and Security Rules or have not informed their workforce of the consequences of breaching HIPAA Rules.


Patrick Kennedy
