There’s an update to a breach PHIPrivacy.net reported in November 2013 involving a billing specialist at Owensboro Medical Health System who used patients’ information to secure loans from online lenders for her own use. This was a criminal prosecution under HIPAA, although there were also other counts under other federal statutes.
The Messenger-Inquirer reports that Ilene W. Bullington pleaded guilty yesterday. One of the nine charges against her will be dismissed on acceptance of the plea deal and she will have to pay $11,895.00 in restitution to various online lenders as part of the deal. She pleaded guilty to the one HIPAA violation count.
According to court records, if Bullington had gone to trial and been convicted, she faced:
a combined maximum term of imprisonment of 129 years, a combined maximum fine of $2,250,000,and a three (3) year term of supervised release. Defendant understands that an additional term of imprisonment may be ordered if the terms ofthe supervised release are violated, as explained in 18 U.S.C. § 3583.
Hopefully, she also understood that no judge was likely to impose a 129-year sentence for this crime.