HIPAA Violations: UPMC Employee Criminally Indicted
A federal grand jury in Pittsburgh has indicted a former employee at the University of Pittsburgh Medical Center for allegedly stealing patient data in the first HIPAA-related prosecution in the Western District of Pennsylvania, federal prosecutors say.
Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients' data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant.
The indictment alleges that Pepala disclosed to other people the names, birth dates and Social Security numbers of patients, in violation of HIPAA laws. This patient data was used to file false tax returns in 2008. Pepala was also charged with violating the Social Security Act by disclosing Social Security numbers.
The law provides for a maximum sentence of 80 years in prison, a fine of more than $4.7 million, or both.
John Commins is a senior editor with HealthLeaders Media.
- 69% of Employers Plan to Offer Healthcare Coverage After 2014
- Building a Better Healthcare Board
- CMS Seeks to 'Rapidly Reduce' Medicare Spending with $1B in Grants
- Primary Care Docs Average More Hospital Revenue Than Specialists
- Hospital Pricing Data Dump Won't Hurt You, Yet
- Quiet ORs Better for Patient Safety
- Case Study: Advance Care Conversations
- Patient Harm Data to Remain on Medicare's Hospital Compare Site
- CMS Releases Hospital Pricing Data
- Evidence-Based Practice and Nursing Research: Avoiding Confusion