Healthcare Worker Charged with Criminally Violating HIPAA Rules

A former University of Pittsburgh Medical Center patient information coordinator has been indicted by a federal grand jury over criminal violations of HIPAA Rules, according to an announcement by the Department of Justice on June 29, 2018.

Linda Sue Kalina, 61, of Butler, Pennsylvania, has been charged in a six-count indictment that includes wrongfully obtaining and disclosing the protected health information of 111 patients.

Kalina worked at the University of Pittsburgh Medical Center and the Allegheny Health Network between March 30, 2016 and August 14, 2017. While employed at the healthcare organizations, Kalina is alleged to have accessed the protected health information (PHI) of those patients without authorization or any legitimate work reason for doing so.

Additionally, Kalina is alleged to have stolen PHI and, on four separate occasions between December 30, 2016, and August 11, 2017, disclosed that information to three individuals with intent to cause malicious harm.

Kalina was arrested following an investigation by the Federal Bureau of Investigation. The case was taken up by the Department of Justice and she is being prosecuted by Assistant United States Attorney, Carolyn Bloch, on behalf of the federal government.

If found guilty on all counts, Kalina faces up to 11 years in jail and could be ordered to pay a fine of up to $350,000. The sentence will be dictated by the seriousness of the offenses and any prior criminal history.

The Department of Justice is taking a hard line on individuals who violate HIPAA Rules and impermissibly access and disclose PHI with malicious intent. There have been several other cases in 2018 that have seen former healthcare workers indicted for criminal HIPAA violations, with three cases resulting in imprisonment.

In June 2018, a former employee of the Veteran Affairs Medical Center in Long Beach, CA, Albert Torres, 51, was sentenced to serve 3 years in jail for the theft of protected health information and identity theft. Torres pleaded guilty to the charges after law enforcement officers discovered the records of 1,030 patients in his home.

In April, 2018, former receptionist at a New York dental practice, Annie Vuong, 31, was sentenced to serve 2 to 6 years in jail for stealing the PHI of 650 patients and providing that information to two individuals who used the data to rack up huge debt’s in patients’ names.

In February, a former behavioral analyst at the Transformations Autism Treatment Center in Bartlett, TN, Jeffrey Luke, 29, was sentenced to 30 days in jail, 3 years supervised release, and was ordered to pay $14,941.36 in restitution after downloading the PHI of 300 current and former patients onto his personal computer.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.