Tuesday, January 12, 2010

Ex-UCLA Healthcare Employee Enters Conditional Guilty Plea to Four Misdemeanor Counts of Violating HIPAA By Reading Patient Records In Federal Court


On January 8, 2010, a former UCLA Healthcare System researcher, Huping Zhou, entered a conditional guilty plea to four misdemeanor counts of of violating the federal privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) by reading private and confidential medical records. Mr. Zhou is one of the first people in the nation to be convicted of violating the privacy provisions of HIPAA.

Mr. Zhou's plea came just before trial was scheduled to begin this week. The plea was before United States Magistrate Judge Andrew J. Wistrich. In the plea, Mr. Zhou specifically admitted to knowingly obtaining individually identifiable health information without a valid reason, medical or otherwise. However, the plea was conditional because Mr. Zhou reserves the right to argue that his case should have been dismissed and that he can withdraw his guilty plea in appeals on the ground that he did not know this was a federal crime.

Mr. Zhou, who is a licensed cardiothoracic surgeon in China, was employed in 2003 at UCLA Healthcare System as a researcher with the UCLA School of Medicine. On October 29, 2003, Zhou received a notice of intent to dismiss him from UCLA Healthcare for job performance reasons unrelated to his illegal access of medical records. That night, Mr. Zhou, without any legal or medical reason, accessed and read his immediate supervisor’s medical records and those of other co-workers.

For the next three weeks, Zhou’s continued his accessing of patient records including confidential health records belonging to various celebrities. According to court documents, Mr. Zhou accessed the UCLA patient records system 323 times during the three-week period, with most of the accesses involving well recognized celebrities. There is no allegation that he disseminated these private records to any third party.

In a plea agreement filed in court, Mr. Zhou admitted that he obtained and read private patient health and medical information on four specific occasions after he was formally terminated from the UCLA Healthcare System. Mr. Zhou acknowledged that at the time he viewed these patients’ medical information, he had no legitimate reason, medical or otherwise, for obtaining the personal information. Mr. Zhoa had a Mandarin interpreter at the hearing on the change of plea.

Mr. Zhou is scheduled to appear in federal court on March 22 to be sentenced by Judge Wistrich. At sentencing, Zhou faces a maximum statutory penalty of four years in federal prison.

Attorney Commentary: Protecting the privacy of patients is an excellent goal but whether or not an employee should be criminally prosecuted for reviewing medical records where there is no other illegal conduct is another matter. Most employees sign HIPAA agreements with employers but most of those do not inform the employees that it is a federal crime to view medical records for which they do not have a medical reason or permission to view. Employers should amend their HIPAA agreements to include such notification and health care employees should be careful to not review any such records or document why such records were reviewed (training, etc.). As a health care fraud attorney and HIPAA attorney, it is my opinion that only cases that have criminal intent should be prosecuted.

Posted by Tracy Green. Should you have any questions regarding your own situation or this post, you can email Tracy at tgreen@greenassoc.com. Green & Associates in Los Angeles, California focuses their practice on the representation of licensed professionals, individuals and businesses in civil, business, administrative and criminal proceedings. They have a specialty in representing licensed health care providers. Their website is: http://www.greenassoc.com/

DISCLAIMER

DISCLAIMER: Green & Associates' articles and blog postings are prepared as a service to the public and are not intended to grant rights or impose obligations. Nothing in this website should be construed as legal advice. Green & Associates' articles and blog postings may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage readers to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents and contact their attorney for legal advice. The primary purpose of this website is not the commercial advertisement or promotion of a commercial product or service and this website is not an advertisement or solicitation. Anyone viewing this web site in a state where the web site fails to comply with all laws and ethical rules of that state, should disregard this web site.

The information provided on this website is for informational purposes only. It is not intended to create, and does not create, a lawyer-client relationship with Green & Associates, Attorneys at Law. Sending an e-mail to Tracy Green does not contractually obligate them to represent you as your lawyer, or create any type of client relationship. No attorney-client relationship will be formed absent a written engagement or retainer letter agreement signed by both Green & Associates and client and which specifies the scope of the engagement.

Please note that e-mail transmission is not secure unless it is encrypted. E-mail messages sent to Ms. Green should not include confidential or sensitive information.