I found this little item in yesterday’s issue of Modern Healthcare’s Daily Dose electronic newsletter (www.modernhealthcare.com). It just goes to show that HIPAA can have a strong bite to it:
A 30-year-old Oklahoma City woman pleaded guilty to one count of a criminal violation of the privacy protection provisions of the Health Insurance Portability and Accountability Act of 1996, according to a news release by U.S. Attorney John Richter in Oklahoma City.
Leslie Howell was an employee of an unnamed Oklahoma City counseling center when she allowed two people to take files from her workplace that contained individually identifiable health information, according to the release. Because there was intent to obtain personal gain, prosecutors were able to seek the most severe HIPAA privacy penalty against Howell, who now faces up to 10 years in prison and a fine of up to $250,000.
Howell was indicted Feb. 15 and accused of providing more than 100 patient files to a pair of accomplices, according to an Associated Press report.
The release from Richter’s office stated that Howell allowed Ryan Jay Meckenstock and Nicole Lanae Stevenson, both of Oklahoma City, to obtain patient files. In October 2007, both Meckenstock and Stevenson pleaded guilty to federal charges of fraudulently obtaining credit cards and aggravated identity theft. Neither Meckenstock nor Stevenson were charged with HIPAA violations, however, as a controversial 2005 advisory issued by the legal counsel office of the Justice Department limited the ability of federal prosecutors to charge individuals with criminal HIPAA violations.