In the first HIPAA prosecution in the Western District of Pennsylvania, United States Attorney David J. Hickton announced this week that a resident of Monroeville, Pa., had been indicted by a federal grand jury in Pittsburgh on charges of multiple illegal disclosures and use of patient individually identifiable health information for personal gain. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) law passed by Congress provides for national standards for electronic health care transactions, and protects patients from the unauthorized disclosure of personal medical information without their consent.
The 14 count indictment named Paul C. Pepala, 34, as the sole defendant.
According to the indictment, in February 2008, Pepala, then employed at UPMC Shadyside Hospital, disclosed to others names, birth dates and Social Security numbers of patients for personal gain, in violation of federal HIPAA laws, and disclosed Social Security numbers to other persons without their authorization. This information was used to file false tax returns in 2008. Pepala was also charged with violating the Social Security Act by disclosing Social Security numbers in violation of federal law.
The law provides for a maximum total sentence of 80 years in prison, a fine of $4,730,000, or both. Under the Federal Sentencing Guidelines, the actual sentence imposed would be based upon the seriousness of the offenses and the prior criminal history, if any, of the defendant.
An indictment or information is an accusation. A defendant is presumed innocent unless and until proven guilty.
Source: U.S. Attorney’s Office, Western District of Pennsylvania