Jail Time For HIPAA Violator

Dom Nicastro, for HealthLeaders Media, April 30, 2010

United States Magistrate Judge Andrew J. Wistrich sentenced a former UCLA Healthcare System employee who admitted snooping at patients' records to four months in prison Tuesday, according to the U.S. Attorney's Office in the Central District of California.

Huping Zhou, 47, of Los Angeles, admitted to illegally reading private and confidential medical records, mostly those of celebrities and other high-profile patients, the U.S. attorney's office said in a release.

Wistrich condemned Zhou for his lack of respect for patient privacy, according to the release.

Zhou is the first person in the nation to be convicted and incarcerated for misdemeanor HIPAA offenses for merely accessing confidential records without a valid reason or authorization, according to the attorney's office.

Zhou in January of this year pleaded guilty to four misdemeanor counts of violating the HIPAA Privacy Rule. He is a licensed cardiothoracic surgeon in China who was employed in 2003 at UCLA Healthcare System as a researcher with the UCLA School of Medicine.

According to the U.S. attorney's release, on October 29, 2003, Zhou accessed and read his immediate supervisor's medical records and those of other co-workers. He had received a notice of dismissal that day from UCLA Healthcare for reasons not related to snooping. It is unclear when exactly he was fired and how he accessed records for three weeks after receiving the dismissal notice.

According to court documents, Zhou accessed the UCLA patient records system 323 times over the next three weeks, with most of the accesses involving well-recognized celebrities.

How can your organization catch a snooper like Zhou? Perhaps set them up for failure.

Some facilities use "honeypots" as bait to catch snooping staff members who are in violation of HIPAA. "Honeypots," also referred to as "honeynuts," are fictitious medical records that IT monitors to determine if anyone is accessing them.

The terms honeypots and honeynuts derive from the notion that if you want to catch birds, you scatter birdseed.
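
As an added illustration (not from the article or from any facility's actual system), the sketch below shows the monitoring idea: scan a records-access audit log for any touch of a decoy record and, for each user who hit one, list the real records they also opened so a privacy officer can review the scope. The log layout, record numbers and user names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed decoy record numbers: fictitious patients that no clinical
# workflow should ever open, so any access is worth reviewing.
DECOY_MRNS = {"MRN-900001", "MRN-900002"}

# Constructed audit log; the layout (timestamp,user,action,record) is assumed.
SAMPLE_AUDIT_LOG = """\
2010-04-01T09:12:04,nurse_a,VIEW,MRN-104233
2010-04-01T09:15:40,researcher_b,VIEW,MRN-900001
2010-04-01T09:16:02,researcher_b,VIEW,MRN-771204
2010-04-01T09:18:55,researcher_b,PRINT,MRN-900002
2010-04-01T10:02:11,clerk_c,SEARCH,MRN-900001
2010-04-01T10:05:37,nurse_a,VIEW,MRN-104233
malformed line without enough fields
"""

def review_decoy_access(log_text, decoys=DECOY_MRNS):
    """Return (alerts, skipped): per-user decoy hits plus their other accesses."""
    per_user = defaultdict(list)
    skipped = 0
    for row in csv.reader(io.StringIO(log_text)):
        try:
            ts_raw, user, action, mrn = (field.strip() for field in row)
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:  # wrong field count or unparseable timestamp
            skipped += 1
            continue
        per_user[user].append((ts, action, mrn))
    alerts = {}
    for user, events in per_user.items():
        decoy_events = [e for e in events if e[2] in decoys]
        if not decoy_events:
            continue  # user never touched a decoy record
        alerts[user] = {
            "decoy_hits": len(decoy_events),
            "decoys": sorted({e[2] for e in decoy_events}),
            "first_hit": min(e[0] for e in decoy_events),
            # Real records the same user opened, for follow-up review.
            "other_records": sorted({e[2] for e in events if e[2] not in decoys}),
        }
    return alerts, skipped

if __name__ == "__main__":
    found, bad_lines = review_decoy_access(SAMPLE_AUDIT_LOG)
    for name, info in sorted(found.items()):
        print("ALERT", name, info)
    print("unparseable lines skipped:", bad_lines)
```
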


Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
