
Health worker is first HIPAA privacy violator to get jail time

A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities.

Huping Zhou, 47, of Los Angeles, who was sentenced Tuesday, now has the dubious distinction of being the first person ever to receive prison time for violating the privacy stipulations of the Health Insurance Portability and Accountability Act (HIPAA), according to the U.S. Attorney's Office for the Central District of California.

Zhou, a licensed surgeon in China, was working as a researcher at the UCLA School of Medicine in 2003 when he began accessing medical records of his supervisor and co-workers after being notified that he soon would be fired for job performance issues, prosecutors said. Over the next three weeks, he extended his snooping to mostly celebrity records. In total, he accessed the patient records system 323 times.

As part of a plea agreement, Zhou admitted he "obtained and read" private medical records on four separate occasions and had no legitimate reason to do so, prosecutors said.

Zhou's attorney did not return a telephone call seeking comment.

"UCLA considers patient confidentiality a critical part of our mission of providing the highest level of teaching, research and patient care and fully supports the U.S. attorney's initiatives to protect patient privacy by vigorous enforcement of HIPAA," the health system said in a statement.

The prosecution of Zhou appears to be proof that attorneys general are increasingly willing to take HIPAA violators to court.

New York-based health care lawyer Sara Krauss said on Thursday that she expects to see increased prosecution of HIPAA offenders, partly because of the federal government's heightened focus on privacy.

"It's possible that the increased enforcement and penalties under HIPAA are reflective of what's going on in the rest of the privacy arena," Krauss said.

This is not the first time UCLA Medical Center has faced privacy intrusions. In 2008, it moved to fire 13 employees and suspended six others for unauthorized access to confidential medical records of pop star Britney Spears.
