Share this article on:
A former employee of an affiliate of University of Pittsburgh Medical Center (UPMC) who was discovered to have accessed the medical records of patients without authorization has pleaded guilty to one count of wrongful disclosure of health information with intent to cause harm and now faces a fine and jail term for the HIPAA violation.
Ms. Linda Sue Kalina, 61, of Butler, PA, had previously worked as a patient care coordinator at Tri Rivers Musculoskeletal (TRM) between March 7, 2016 and June 23, 2017 before moving to Allegheny Health Network (AHN) where she worked from July 24, 2017 to August 17, 2017.
Between December 2016 and August 2017, Ms. Kalina was accused of accessing the files of 111 UPMC patients and 2 AHN patients without authorization or any legitimate work reason for doing so. According to her indictment, she also disclosed the PHI of four of those patients to individuals not authorized to receive the information.
Prior to working at TRM, Ms. Kalina had been employed at Frank J. Zottola Construction for 24 years until she was fired from the position of office manager. While at TRM and AHN, Ms. Kalina had impermissibly accessed the medical records of employees of the construction firm, including the gynecological records of the woman who replaced her.
Ms. Kalina was accused of sending an email to the company controller in June 2017 in which she disclosed the woman’s gynecological records and also left a voicemail revealing information from those records to another Zottola employee in August 2017.
Zottola contacted UPMC to complain about the privacy violation, and after an internal investigation, Ms. Kalina was fired. The HIPAA violation case was then pursued by the Department of Justice.
Ms. Kalina was indicted on six counts in the summer of 2018 in relation to wrongfully obtaining and disclosing PHI in violation of HIPAA, including disclosing PHI with intent to cause malicious harm.
In federal court, Ms. Kalina pleaded guilty to one count of wrongful disclosure of ePHI with intent to cause harm – leaving the voicemail message and admitted having accessed the medical records of more than 100 individuals without authorization.
U.S. District Judge Arthur Schwab agreed to release Ms. Kalina on bond pending sentencing on June 25, 2019. Ms. Kalina was ordered not to make contact with any of the victims and the victims were instructed not to make contact with Ms. Kalina.
Ms. Kalina faces a fine of up to $250,000 for the HIPAA violations and a sentence of up to 10 years in jail.