1st Jail time awarded for HIPAA violation accessing/reading medical records

Published

from: u.s. attorney's office of the central district of california

may 05, 2010

ex-ucla healthcare employee sentenced to federal prison for illegally peeking at patient records

los angeles - a former ucla healthcare system employee who admitted to illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, was sentenced today to four months in federal prison.

huping zhou, 47, of los angeles, was sentenced this afternoon by united states magistrate judge andrew j. wistrich, who condemned zhou for his lack of respect for patient privacy.

zhou pleaded guilty in january to four misdemeanor counts of violating the federal privacy provisions of the health insurance portability and accountability act (hipaa). zhou specifically admitted to knowingly obtaining individually identifiable health information without a valid reason, medical or otherwise.
zhou is the first person in the nation to be convicted and incarcerated for misdemeanor hipaa offenses for merely accessing confidential records without a valid reason or authorization
...

Accessing the records of his supervisors and co-workers and those of celebrities 323 times in three weeks after being given notice that he was going to be canned sounds like a blatant nose-thumbing at regulations. He is extremely fortunate to be charged with only four counts of snooping in the plea deal.

I think the brazenness of his actions, the number of times he peeked, and the sheer stupidity of doing something like this in the age of IT tracking ability (and possibly whatever got him fired in the first place) account for the harshness of the sentence rather than any racial motivation. He really had a bad case of cranio-rectal inversion.

Up Vote Up Vote ×
Everything in those sites is public. What makes those sites annoying and upsetting (I agree with you, btw) is the ease with which it's accessed all in one place.

While I think what the employee did was wrong, and he should be punished for it, I wonder if the fact that he accessed CELEBRITY records came into play somehow.

I hardly think anyone would have even NOTICED if he had accessed all of OUR records, let alone prosecuted him. I'm confident that the celebrity status had a lot to do with it.

Edited to add: Sorry geocachingRN... I just finished reading the posts after the one I quoted and saw your post that says basically the same thing about fine vs. jail...

I don't know that jail is the appropriate sentence. IMHO, he should be fired, face a hefty fine (which GENERATES money for the government... as opposed to jail, which costs taxpayers money), and have a suspension on his license so that he can't practice for an appropriate period of time.

Up Vote Up Vote ×
Specializes in Acute Care Cardiac, Education, Prof Practice.

I wish I could get my unit clerk prosecuted for reading patient information she deems "interesting".

Tait

Up Vote Up Vote ×
Specializes in Alzheimer's, Geriatrics, Chem. Dep..

Well I think that unless jail time is given for violations, people aren't going to take it seriously. ALTHOUGHHHH, I sometimes think there is OVER protection... but if I was the one violated, or a family member, I would be pretty angry.

a question, what should you do if someone violates confidentiality on Facebook, you know this person and facility, maybe it is only a first name but STILL... they could be identified, and some statements have been derogatory.

also I have seen former coworkers refer to one of the people they work with ON FACEBOOK (apparently this staff person doesn't have a FB page) - and very derogatory/teasing/cruel, and they have used her whole name. It is very very unprofessional. Would you do anything (besides message the individuals which I have)

Up Vote Up Vote ×
As egregious as this was, I don't believe he can play the race card.

Orca, how silly! Anyone can play the race card for any reason at any time. :)

Up Vote Up Vote ×
Specializes in Alzheimer's, Geriatrics, Chem. Dep..
It had to. Most likely someone in IT was looking over usage logs and saw a number of accesses of records of high profile patients, identified the person making the requests, and the rest is history.

Probably it was so the hospital wouldn't get sued by the celebrity!

Up Vote Up Vote ×
Probably it was so the hospital wouldn't get sued by the celebrity!

Now I agree with that!

Up Vote Up Vote ×
I almost said this was excessive until I noticed that he accessed the records 323 times in a 3 week period after he was told he would be fired for the exact same violation. You would think his work as a cardiothoracic surgeon would have kept him busier than that. He needs a time out and a hefty fine.

Swipe his license. That would stop him from accessing records. Permanently. Oh, and probably send him straight to the poorhouse as well.

Up Vote Up Vote ×
+ Join the Discussion