Health worker is first HIPAA privacy violator to get jail time

Share this article:

A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities.

Huping Zhou, 47, of Los Angeles, who was sentenced Tuesday, now has the dubious distinction of being the first person to ever receive prison time for violating the privacy stipulations under Health Insurance Portability and Accountability Act (HIPAA), according to the U.S. Attorney's Office for the Central District of California.

Zhou, a licensed surgeon in China, was working as a researcher at the UCLA School of Medicine in 2003 when he began accessing medical records of his supervisor and co-workers after being notified that he soon would be fired for job performance issues, prosecutors said. Over the next three weeks, he extended his snooping to mostly celebrity records. In total, he accessed the patient records system 323 times.

As part of a plea agreement, Zhou admitted he "obtained and read" private medical records on four separate occasions and had no legitimate reason to do so, prosecutors said.

Zhou's attorney did not return a telephone call seeking comment.

"UCLA considers patient confidentiality a critical part of our mission of providing the highest level of teaching, research and patient care and fully supports the U.S. attorney's initiatives to protect patient privacy by vigorous enforcement of HIPAA," the health system said in a statement.

The prosecution of Zhou appears to be proof that attorneys generals are increasingly willing to take HIPAA violators to court.

New York-based health care lawyer Sara Krauss told SCMagazineUS.com on Thursday that she expects to see increased prosecution against HIPAA offenders, partly because of the federal government's heightened focus around privacy.

"It's possible that the increased enforcement and penalties under HIPAA are reflective of what's going on in the rest of the privacy arena," Krauss said.

This is not the first time UCLA Medical Center has faced privacy intrusions. In 2008, it moved to fire 13 employees and suspended six others for unauthorized access to confidential medical records of pop star Britney Spears.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.