Share this article on:
Accessing the healthcare data of patients without authorization is prohibited under HIPAA legislation, and the disclosure of this information to a third party is a criminal matter. The offense carries a jail term of up to 10 years in addition to a maximum fine of $500,000 if the disclosure is made for personal gain.
One of the latest examples of wrongful disclosure of individually identifiable health information comes from the Eastern District of Texas where former Longview resident, Joshua Hippler, 30 has been convicted this offence and sentenced to serve 18 months in jail.
Hippler was a former employee of an East Texas hospital where he was alleged to have accessed Protected Health Information with the intention of selling it on for personal gain. Hippler was indicted by a federal grand jury on Mar. 26, 2014 and the case was heard by United States Magistrate Judge John D. Love on August 28, 2014.
Hippler pleaded guilty to the offenses that took place at an unnamed East Texas hospital between December 1, 2012 and January 14, 2013.
The U.S. Department of Health and Human Services’ Office of Inspector General (HHS-OIG) and the U.S. Postal Inspection Service conducted an investigation into the HIPAA violations, with the case prosecuted by Assistant U.S. Attorney Nathaniel C. Kummerfeld.
Sentencing has now taken place with U.S. District Judge Leonard Davis ordering Hippler to serve one year and six months in prison, although this is considerably less than the 10 year maximum term.
The case should serve as a warning to all employees of HIPAA-covered entities that the theft of Protected Health Information is treated with the utmost seriousness and is highly likely to result in jail time.