In our article “EHR and ICD-10 Explained,” we discussed the importance of healthcare privacy (Protected Health Information—PHI) and the legal consequences that a medical provider can face if he/she violates the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HIPAA was enacted on August 21, 1996, and is designed to (as stated in its General Rules section of their website the following):
-
- Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
-
- Identify and protect against reasonably anticipated threats to the security or integrity of the information;
-
- Protect against reasonably anticipated, impermissible uses or disclosures; and
-
- Ensure compliance by their workforce.
Here’s one example of a HIPAA violation that went to the extreme and which signifies the importance of being vigilant so as not to breach PHI rules.
Surgeon Arrested for HIPAA Violations
A cardiac surgeon, Huping Zhou, was sentenced in April 2024 to four months in jail. He acquired patient records after being fired from the UCLA School of Medicine in 2003 and viewed them 323 times over a three-week period.
Zhou accessed the medical files of his coworkers and the confidential records of celebrities who were patients at the UCLA School of Medicine at one time or another after he was let go from the position.
Zhou pleaded guilty but claimed ignorance, as his lawyer stated that UCLA did not provide adequate training on the consequences of accessing confidential patient files at the time. That was not convincing enough for the court, and Zhou was sentenced and ordered to pay a $2,000.00 fine. This was the first time a person had been jailed for violating HIPPA privacy rules.
The US Government Takes PHI Very Seriously
It is evident that the government is taking HIPAA PHI infractions quite seriously and will take action against those who violate it. Although the case against Zhou was the first verdict for jail time, instances like this are not uncommon when it comes to violating the rights of celebrities.
In 2008, a former hospital employee accessed and sold Farrah Fawcett’s and Britney Spears’s medical records and gave them to the National Enquirer.
The government appears to be making it clear that breaches in healthcare PHI will not be tolerated. It conveys that adequate HIPAA training is essential within healthcare provider organizations.
For more information, please see Surgeon Jailed for HIPAA Privacy Law on the Abrams Fensterman website.