Medicare Compliance & Reimbursement

Enforcement Watch:

Yes, You Can Do Time For HIPAA Violations

Watch for more prison sentences for privacy rule abuses.

Wake up, providers: Since its inception in 2003, the Health Insurance Portability and Accountability Act has never resulted in a criminal conviction - until now.

According to prosecutors, former Seattle Cancer Care Alliance employee Richard Gibson pleaded guilty Aug. 19 to wrongful disclosure of individually identifiable health information for economic gain - and is expected to serve 10 to 16 months imprisonment.

Gibson admitted that while working at SCCA he obtained a cancer patient's name, date of birth and Social Security number, and used the information to get four credit cards in the patient's name. He then used the cards to ring up more than $9,000 in personal purchases, including video games, home improvement supplies, apparel, jewelry, porcelain figurines, groceries and gasoline, the U.S. Attorney's office reports.

As part of his plea agreement, Gibson must pay restitution to both the credit card companies and the patient.

"This case should serve as a reminder that misuse of patient information may result in criminal prosecution," said U.S. Attorney John McKay.

Lesson Learned: Acting outside the bounds of HIPAA could have criminal consequences.
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more

Other Articles in this issue of

Medicare Compliance & Reimbursement

View All