Home >  News >  April, 2010

UCLA Researcher Gets Jail Time for HIPAA Violations (Corrected Version)

4-month sentence comes amid heightened federal scrutiny of health information privacy.

Published: April 29, 2010

A former UCLA School of Medicine researcher became one of the first healthcare workers sentenced to prison for violating the HIPAA privacy rule this week.

Huping Zhou, a licensed cardiothoracic surgeon in China, was working as a researcher at the university in 2003 when he received notice of his dismissal for performance reasons unrelated to HIPAA, according to prosecutors. That's when Mr. Zhou began accessing the medical records of his superior, his co-workers and celebrity patients in the UCLA Health System, including Tom Hanks, Drew Barrymore and Arnold Schwarzenegger. He accessed confidential medical records in violation of the HIPAA privacy rule a total of 323 times over a 3-week period, according to the FBI.

In January, Mr. Zhou pleaded guilty to 4 misdemeanor counts of illegally reading confidential medical records, and earlier this week a judge sentenced him to 4 months in federal prison, plus a fine of $2,000.

Correction: The U.S. Attorney's Office in Los Angeles said in a press release that this is the first time a healthcare worker has been given jail time for violating the HIPAA privacy rule. However, a handful of other individuals have been convicted and sentenced to prison for accessing protected health information and using the information for identity theft. Mr. Zhou may be the first healthcare worker to go to jail simply for snooping on protected health records; the U.S. Attorney's Office says there is no evidence that he did anything with the information other than read it.

Edward Robinson, attorney for Mr. Zhou, told CBS News his client had "no idea that looking at another person's medical records was a federal criminal violation for which you could go to jail."

The ruling comes at a time when the federal government is increasingly cracking down on health information security as it also promotes a shift from paper to electronic medical records. The HITECH Act of 2009 put some enforcement teeth behind the HIPAA privacy rule, making healthcare employees subject to criminal penalties for disclosing protected health information without authorization.

For an overview of your responsibilities under the HITECH law, click here.

Irene Tsikitas

More breaking news.

Also in the News...

What's an Elective Surgery?
Facilities Canceling Elective Surgeries
ASCRS Cancels Annual Meeting
Coronavirus Crisis Continues to Escalate
Music Is as Good as Sedative in Calming Nerves Before Surgery
Jury: Orthopedic Surgeon's Routine of Performing 14 Concurrent Surgeries a Day Negligent
Federal Court Dismisses More Than 5,000 Lawsuits Against 3M's Patient Warming System

New to Outpatient Surgery Magazine?
Sign-up to continue reading this article.
Register Now
Have an account? Please log in:
Email Address:
  Remember my login on this computer

advertiser banner

Other Articles That May Interest You

Legal Update: The Ride Home: Uber Complicated or Easy Lyft?

When there's no one there to drive your patient home after surgery.

Medical Malpractice: Right Surgery, Wrong Patient, Big Trouble

Did pathologist's error lead to unavoidable wrong-person surgery?

Legal Update: Are You Ready for an Emergency?

Legal nurse consultant: Prepare for a crisis before you have one.