skip to main content

March 19, 2019

By: Robert A. Anderson and

A former Patient Information Coordinator (Patient Coordinator), previously employed with UPMC and its affiliate, Tri Rivers Musculoskeletal Centers (TRMC) in Mars, Pennsylvania, pleaded guilty to a charge of wrongfully disclosing health information, in violation of the Health Insurance Portability and Accountability Act (HIPAA). The FBI led the investigation that revealed the Patient Coordinator improperly accessed the individual health information of 111 UPMC patients who had not received services at TRMC. Additionally, the investigation uncovered that the Patient Coordinator unlawfully disclosed personal gynecological health information related to two such patients, “with the intent to cause those individuals embarrassment and mental distress.”1

It is rare that a HIPAA violation leads to criminal prosecution and should serve as a warning to facility employees with access to protected health information who might be tempted to violate HIPAA for nefarious reasons. The Patient Coordinator could face up to 10 years in prison, a fine of $250,000, or both for violating HIPAA laws. The Court will sentence the employee on June 25, 2019. To read the Department of Justice press release regarding the case, please click here

If you have questions regarding this alert, or HIPAA compliance questions, please contact Robert A. Anderson at, Alexandria M. Foster at, or any other Krieg DeVault attorney in the Health Care Practice Group.