Former Healthcare Worker Sees Jail Time for Violating HIPAA Rules

On June 29, 2018, the Department of Justice announced that a former patient information coordinator has been indicted by a federal grand jury for violations of HIPAA legislation regarding the private healthcare information of over 100 patients. 

The former employee of the University of Pittsburgh Medical Center, Linda Sue Kalina, 61, of Butler, Pennsylvania, has been charged in an indictment pertaining to six counts of criminal activity. The indictment includes wrongfully obtaining and disclosing the protected health information (PHI) of 111 patients at the Medical Center where she once worked. 

Kalina was employed by the University of Pittsburgh Medical Center and the Allegheny Health Network as a patient information coordinator between March 30, 2016 and August 14, 2017. Prosecutors alleged that Kalina abused her position to access the protected health information of the 111 patients without authorization from her employers or from the patients. They further claimed that she lacked any legitimate work reason for doing so. Kalina is alleged to have stolen the PHI and used it for personal gains. 

The prosecutors further alleged that on four separate occasions between December 30, 2016, and August 11, 2017, Kalina disclosed the PHI which she gathered to three individuals not associated with the medical center, with intent to cause malicious harm to the patients.

Following an investigation by the Federal Bureau of Investigation, Kalina was arrested and charged with several counts of violating HIPAA legislation. The case was eventually transferred to the Department of Justice. Kalina is being prosecuted by Assistant United States Attorney, Carolyn Bloch, on behalf of the federal government.

If the jury finds Kalina found guilty on all six counts, she will face up to 11 years in jail. In addition to jail time, she could be ordered by the courts to pay a fine of up to $350,000. The seriousness of the offences and any prior criminal history will be considered when the severity of her sentence is decided. 

The Department of Justice is taking severe action against individuals who violate HIPAA Rules and impermissibly access and disclose PHI with malicious intent. This past year has seen several other cases similar to Kalina’s in which former healthcare workers have been indicted for criminal HIPAA violations. Three of these cases have resulted in imprisonment.

One of these cases saw a former employee of the Veteran Affairs Medical Center in Long Beach, California, sentenced to serve 3 years in jail in June 2018. The former employee, Albert Torres, 51, was indicted for the theft of protected health information and identity theft. Torres pleaded guilty to the charges after law enforcement officers discovered the records of 1,030 patients in his home.

A similar case was seen in April, 2018. A former receptionist at a New York dental practice, Annie Vuong, 31, was sentenced to between 2 and 6 years in jail for stealing the PHI of 650 patients. She was indicted with sharing the stolen information to two individuals who used the data to rack up huge debt’s in patients’ names.

February 2018 saw Jeffrey Luke, 29, sentenced to 30 days in jail and three year’s supervised release. He was a behavioral analyst at the Transformations Autism Treatment Center in Bartlett, TN. In addition to the jail time, he was ordered to pay $14,941.36 in restitution after downloading the PHI of 300 current and former patients onto his personal computer.