HIPAA Violations: UPMC Employee Criminally Indicted
A federal grand jury in Pittsburgh has indicted a former employee at the University of Pittsburgh Medical Center for allegedly stealing patient data in the first HIPAA-related prosecution in the Western District of Pennsylvania, federal prosecutors say.
Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients' data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant.
The indictment alleges that Pepala disclosed to other people the names, birth dates and Social Security numbers of patients, in violation of HIPAA laws. This patient data was used to file false tax returns in 2008. Pepala was also charged with violating the Social Security Act by disclosing Social Security numbers.
The law provides for a maximum sentence of 80 years in prison, a fine of more than $4.7 million, or both.
John Commins is a senior editor with HealthLeaders Media.
- As Medicare Advantage Cuts Loom, Disagreement Over Program's Stability
- Doctors Feel Pressure to Accept Risk-based Reimbursement
- Surgical Checklists Unused in 10% of Hospitals, CMS Data Shows
- Centralizing the Revenue Cycle Protects the Bottom Line
- A Fresh Look at End-of-Life Care
- 3 in 4 Patients Want E-mail Consultations
- Heart Attack Patient Costs Skyrocket Beyond 30 Days
- CA Fines 8 Hospitals for Medical Errors
- ACGME Chief Sees 'Huge' Risk of Error in Proposed Assistant Physician Licensure
- 3 Insider Tips on Cutting Costs without Strangling Growth