Surgeon Sentenced to Jail Following HIPAA Violation
While warnings about heightened penalties for HIPAA violations proliferated following last year’s passage of the Health Information Technology for Economic and Clinical Health Act (HITECH), one California physician apparently failed to take notice.
Huping Zhou, a licensed cardiothoracic surgeon who was previously working at the UCLA School of Medicine as a researcher, was sentenced in late April to four months of jail after pleading guilty to improperly accessing patient medical records. Zhou’s sentence marks the first incarceration for security breaches under the heighted HITECH penalties.
In light of the enhanced penalties, health care providers should make sure that all employees understand HIPAA rules and regulations, and are aware that any unauthorized access to patient files constitutes a HIPAA violation. While “file snooping” is most prevalent when the patient is a celebrity, employees may also be tempted to peek at files for their neighbor, child’s teacher, or other acquaintances. While employees may believe they are permitted to view such records, access to protected health information must be for treatment, payment, or health care operations. Therefore, perusing a patient’s file out of curiosity is not an authorized access and can land a practice in hot water.
The American Medical Association advises practices to conduct credit checks and other background searches on potential employees prior to hiring and instatement. For example, if a practice treats many celebrities, the practice should be wary of hiring an employee who has a lot of debt or a low credit score, as the employee may be tempted to sell the information to tabloids or newspapers.
