There’s an update to a HIPAA breach case that this site has been following since 2018, when DOJ announced that Linda S. Kalina had been indicted by a federal grand jury in Pittsburgh and charged with six counts of wrongfully obtaining and disclosing the health information of another individual. In March of this year, she pleaded guilty to one count.
We don’t see many (or nearly enough) criminal HIPAA prosecutions. In this case, DOJ’s press release at the time of her guilty plea stated:
In connection with the guilty plea, the court was advised that Linda Sue Kalina worked, from March 7, 2016 through June 23, 2017, as a Patient Information Coordinator with UPMC and its affiliate, Tri Rivers Musculoskeletal Centers (TRMC) in Mars, Pennsylvania, and that during her employment, contrary to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) improperly accessed the individual health information of 111 UPMC patients who had never been provided services at TRMC.
In other information, the U.S. Attorney’s Office revealed that many of the 111 UPMC patients were coworkers, former classmates, and relatives of Kalina. According to the DOJ:
After her termination from TRMC, Kalina gained employment with Allegheny Health Network, and worked, from July 24, 2017 to August 17, 2017, as a Patient Access Coordinator, where she again improperly accessed individual health information to which she was not entitled. On August 11, 2017, Kalina disclosed personal health information related to two individuals, with the intent to cause them embarrassment and mental distress. Kalina’s employment with AHN was terminated approximately six days later.
Yesterday, United States Attorney Scott W. Brady announced that she had been sentenced to one year in prison followed by three years’ supervised release.
The court further ordered that Kalina have no contact with any of the individuals she victimized during the imposed terms of imprisonment and supervised release.
That was the maximum sentence under the federal sentencing guidelines.