Texas Women Pleads Guilty to HIPAA Violations
U.S. Attorney John M. Bales has announced that Joneshia Cranford, a 33-year old resident of Lufkin in the Eastern District of Texas, has pleaded guilty to violations of the Health Information Portability and Accountability Act of 1996.
Cranford was accused of inappropriately accessing the Protected Health Information of patients at the healthcare facility where she worked and disclosing that information for financial reward, with the woman pleading guilty to the wrongful disclosure of individually identifiable health information.
The two individuals to whom the information was disclosed – Shavator Albro, 35, and Francis “Frank” Ibiok, 28 from Houston – have both pleaded guilty to healthcare and identity fraud charges.
The willful disclosure of individually identifiable health information carries a maximum jail sentence of 10 years, while the use of that information to commit Medicare, Medicaid or Insurance fraud carries a maximum penalty of 15 years imprisonment. A sentencing date for the offenses has yet to be set.
HIPAA is policed by the Office of Civil Rights of the Department of Health and Human Services, and an investigation into the violations is still ongoing. The Texas Office of the Attorney General, the Office of Inspector General (HHS-OIG) and the Medicaid Fraud Control Unit (OAG-MFCU) are also all involved in the investigation.
The case was heard by U.S. Magistrate Judge Zack Hawthorn and Cranford is currently undergoing a pre-sentence report. While the maximum term is 10 years in prison, it is possible that a plea deal would be accepted requiring Cranford to spend at least 60 days in jail and 5 years on probation; with credit provided for the time already served.
Healthcare institutions can be held accountable for violations of HIPAA caused by employee snooping and it is possible that the OCR will issue a fine to the healthcare organization where Cranford worked if evidence of non-compliance issues is discovered.