March 20, 2019
A former Patient Information Coordinator (Patient Coordinator), previously employed with UPMC and its affiliate, Tri Rivers Musculoskeletal Centers (TRMC) in Mars, Pennsylvania, pleaded guilty to a charge of wrongfully disclosing health information, in violation of the Health Insurance Portability and Accountability Act (HIPAA). The FBI led the investigation that revealed the Patient Coordinator improperly accessed the individual health information of 111 UPMC patients who had not received services at TRMC. Additionally, the investigation uncovered that the Patient Coordinator unlawfully disclosed personal gynecological health information related to two such patients, “with the intent to cause those individuals embarrassment and mental distress.”1
It is rare that a HIPAA violation leads to criminal prosecution and should serve as a warning to facility employees with access to protected health information who might be tempted to violate HIPAA for nefarious reasons. The Patient Coordinator could face up to 10 years in prison, a fine of $250,000, or both for violating HIPAA laws. The Court will sentence the employee on June 25, 2019. To read the Department of Justice press release regarding the case, please click here.
If you have questions regarding this alert, or HIPAA compliance questions, please contact Robert A. Anderson at email@example.com, Alexandria M. Foster at firstname.lastname@example.org, or any other Krieg DeVault attorney in the Health Care Practice Group.