Getty Images/EyeEm
5 Former Methodist Hospital Employees Indicted Over HIPAA Violations
The five former Tennessee hospital employees allegedly committed HIPAA violations by disclosing the personal information of patients involved in car accidents.
Five former employees of Tennessee-based Methodist Hospital have been indicted by a federal grand jury for committing HIPAA violations, the US Attorney’s Office for the Western District of Tennessee announced.
Between November 2017 and December 2020, the five employees allegedly unlawfully disclosed the personal information of patients involved in motor vehicle accidents to Roderick Harvey. Harvey paid the five employees to provide him with the names and phone numbers of Methodist patients.
Once he received the information, the indictment explained, Harvey sold it to third parties such as personal injury attorneys and chiropractors.
“HIPAA’s provisions make it a crime to disclose patient information, or to obtain patient information with the intent to sell, transfer or use such information for personal gain,” the press release stated.
The five individuals were each charged with separate HIPAA violations. The charges carry a maximum penalty of one year in prison, one year of supervised release, and a $50,000 fine. Additionally, the individuals were charged with conspiracy to disclose patient information.
“The conspiracy charge carries a maximum penalty of five years imprisonment, a fine of $250,000 and three-year period of supervised release,” the US Attorney’s Office stated.
Additionally, Harvey was charged with seven counts of “obtaining patient information with the intent to sell it for financial gain.” Each of the seven charges carry a maximum penalty of 10 years in prison and a $250,000 fine.
At this point, the charges are allegations and the defendants are presumed innocent until proven guilty.