Snoop Through Records, Go Directly To Jail
A former researcher at UCLA has the dubious distinction of being the first person sentenced to prison under HIPAA for snooping through medical records.
The Justice Department press release reports that the researcher, Huping Zhou, who admitted to illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, was sentenced to four months in federal prison. Zhou specifically admitted to knowingly obtaining individually identifiable health information without a valid reason, medical or otherwise. Zhou is the first person in the nation to be convicted and incarcerated for misdemeanor HIPAA offenses for merely accessing confidential records without a valid reason or authorization.
Zhou accessed patient records 323 times over a three week period after learning that he was being dismissed for poor performance.
Significantly, the DOJ stated "There is no evidence that Zhou improperly used or attempted to sell any of the information that he illegally accessed."
How do you report someone who is doing this and to who do you report it?
For instructions on how to report a violation to the Office of Civil Rights of the Department of Health and Human Services, see http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
Also, contact your state Attorney General's office. State AGs are now authorized to bring actions to enforce HIPAA and share the proceeds with individuals whose privacy was violated. See http://hipaahealthlaw.foxrothschild.com/2010/09/articles/breaches/the-parade-of-phi-security-breaches-providers-and-insurers-beware-of-attorney-general-richard-blumenthal-and-other-attorneys-general/