logo
Published on FierceHealthcare (http://www.fiercehealthcare.com)

HIPAA prosecution targets AR clinic's employee

By anne
Created Jul 7 2008 - 5:07am

A new HIPAA criminal case suggests that healthcare organizations may be not criminally liable for employee disclosures of protected health information if they have strong protections in place or are unaware of an employee's behavior. In the case, believed to be only the fourth criminal case pursued under HIPAA, a clinic nurse with the Northeast Arkansas Clinic pled guilty to wrongfully disclosing a patient's PHI and using it for personal and malicious intent. Andrea Smith admitted that she accessed a patient's medical file and shared it with her husband, who planned to use the information in an upcoming legal proceeding. Now, Smith faces up to 10 years in prison, $250,000 in fines or both. She was also terminated from the clinic when it found out about the breach. Legal observers had assumed, under previous Department of Justice guidelines issued in 2005, that the clinic would be liable for the actions for employees like Smith.

To learn more about this story:
- read this AMNews piece [1]

Related Articles:
HHS plans surprise HIPAA audits [2]
Over-applying and misapplying HIPAA is common [2]
Few HIPAA complaints pursued [2]
HIPAA violations not drawing fines [2]

Source URL:
http://www.fiercehealthcare.com/story/hipaa-prosecution-targets-ak-clinics-employee/2008-07-07

Links:
[1] http://www.ama-assn.org/amednews/2008/07/14/gvsb0714.htm
[2] http://www.fiercehealthit.com/story/hhs-plans-surprise-hipaa-audits/2008-03-03