Enforcement Watch:
Yes, You Can Do Time For HIPAA Violations
Published on Fri Sep 03, 2004
Watch for more prison sentences for privacy rule abuses.
Wake up, providers: Since its inception in 2003, the Health Insurance Portability and Accountability Act has never resulted in a criminal conviction - until now.
According to prosecutors, former Seattle Cancer Care Alliance employee Richard Gibson pleaded guilty Aug. 19 to wrongful disclosure of individually identifiable health information for economic gain - and is expected to serve 10 to 16 months imprisonment.
Gibson admitted that while working at SCCA he obtained a cancer patient's name, date of birth and Social Security number, and used the information to get four credit cards in the patient's name. He then used the cards to ring up more than $9,000 in personal purchases, including video games, home improvement supplies, apparel, jewelry, porcelain figurines, groceries and gasoline, the U.S. Attorney's office reports.
As part of his plea agreement, Gibson must pay restitution to both the credit card companies and the patient.
"This case should serve as a reminder that misuse of patient information may result in criminal prosecution," said U.S. Attorney John McKay.
Lesson Learned: Acting outside the bounds of HIPAA could have criminal consequences.