Health worker is first HIPAA privacy violator to get jail time

Share this article:

A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities.

Huping Zhou, 47, of Los Angeles, who was sentenced Tuesday, now has the dubious distinction of being the first person to ever receive prison time for violating the privacy stipulations under Health Insurance Portability and Accountability Act (HIPAA), according to the U.S. Attorney's Office for the Central District of California.

Zhou, a licensed surgeon in China, was working as a researcher at the UCLA School of Medicine in 2003 when he began accessing medical records of his supervisor and co-workers after being notified that he soon would be fired for job performance issues, prosecutors said. Over the next three weeks, he extended his snooping to mostly celebrity records. In total, he accessed the patient records system 323 times.

As part of a plea agreement, Zhou admitted he "obtained and read" private medical records on four separate occasions and had no legitimate reason to do so, prosecutors said.

Zhou's attorney did not return a telephone call seeking comment.

"UCLA considers patient confidentiality a critical part of our mission of providing the highest level of teaching, research and patient care and fully supports the U.S. attorney's initiatives to protect patient privacy by vigorous enforcement of HIPAA," the health system said in a statement.

The prosecution of Zhou appears to be proof that attorneys generals are increasingly willing to take HIPAA violators to court.

New York-based health care lawyer Sara Krauss told SCMagazineUS.com on Thursday that she expects to see increased prosecution against HIPAA offenders, partly because of the federal government's heightened focus around privacy.

"It's possible that the increased enforcement and penalties under HIPAA are reflective of what's going on in the rest of the privacy arena," Krauss said.

This is not the first time UCLA Medical Center has faced privacy intrusions. In 2008, it moved to fire 13 employees and suspended six others for unauthorized access to confidential medical records of pop star Britney Spears.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.