HIPAA criminal charges are still relatively uncommon, and frankly, I’m not sure why they’re not charged more often in cases of theft of patient information for tax refund fraud. I assume federal prosecutors know something that I don’t, though. In any event, here’s a case where a HIPAA criminal charge was filed:
TYLER, Texas — A former employee of an East Texas hospital has been indicted for criminal violations of the Health Insurance Portability and Accountability Act, more commonly known as HIPAA, in the Eastern District of Texas, announced U.S. Attorney John M. Bales today.
Joshua Hippler, 30, formerly of Longview, Texas, was indicted on charges of Wrongful Disclosure of Individually Identifiable Health Information. According to the indictment, from December 1, 2012, through January 14, 2013, Hippler, who was then an employee of a covered entity under HIPAA, obtained protected health information with the intent to use the information for personal gain. HIPAA contains provisions protecting the privacy of individually identifiable health information.
If convicted, Hippler faces up to ten years in prison.
The investigation leading to the charges was conducted by agents from the U.S. Department of Health and Human Services – Office of Inspector General (HHS-OIG) and the U.S. Postal Inspection Service. Assistant United States Attorney Nathaniel C. Kummerfeld is prosecuting the case.
A grand jury indictment is not evidence of guilt and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
SOURCE: U.S. Attorney’s Office, Eastern District of Texas
The court documents do not name the hospital and Hippler is facing one count, so I’m wondering whether he only stole one employee’s information. Many prosecutors would charge one count for each patient whose information was stolen.