On January 8, 2010, a former UCLA Healthcare System researcher, Huping Zhou, entered a conditional guilty plea to four misdemeanor counts of of violating the federal privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) by reading private and confidential medical records. Mr. Zhou is one of the first people in the nation to be convicted of violating the privacy provisions of HIPAA.
Mr. Zhou's plea came just before trial was scheduled to begin this week. The plea was before United States Magistrate Judge Andrew J. Wistrich. In the plea, Mr. Zhou specifically admitted to knowingly obtaining individually identifiable health information without a valid reason, medical or otherwise. However, the plea was conditional because Mr. Zhou reserves the right to argue that his case should have been dismissed and that he can withdraw his guilty plea in appeals on the ground that he did not know this was a federal crime.
Mr. Zhou, who is a licensed cardiothoracic surgeon in China, was employed in 2003 at UCLA Healthcare System as a researcher with the UCLA School of Medicine. On October 29, 2003, Zhou received a notice of intent to dismiss him from UCLA Healthcare for job performance reasons unrelated to his illegal access of medical records. That night, Mr. Zhou, without any legal or medical reason, accessed and read his immediate supervisor’s medical records and those of other co-workers.
For the next three weeks, Zhou’s continued his accessing of patient records including confidential health records belonging to various celebrities. According to court documents, Mr. Zhou accessed the UCLA patient records system 323 times during the three-week period, with most of the accesses involving well recognized celebrities. There is no allegation that he disseminated these private records to any third party.
In a plea agreement filed in court, Mr. Zhou admitted that he obtained and read private patient health and medical information on four specific occasions after he was formally terminated from the UCLA Healthcare System. Mr. Zhou acknowledged that at the time he viewed these patients’ medical information, he had no legitimate reason, medical or otherwise, for obtaining the personal information. Mr. Zhoa had a Mandarin interpreter at the hearing on the change of plea.
Mr. Zhou is scheduled to appear in federal court on March 22 to be sentenced by Judge Wistrich. At sentencing, Zhou faces a maximum statutory penalty of four years in federal prison.
Attorney Commentary: Protecting the privacy of patients is an excellent goal but whether or not an employee should be criminally prosecuted for reviewing medical records where there is no other illegal conduct is another matter. Most employees sign HIPAA agreements with employers but most of those do not inform the employees that it is a federal crime to view medical records for which they do not have a medical reason or permission to view. Employers should amend their HIPAA agreements to include such notification and health care employees should be careful to not review any such records or document why such records were reviewed (training, etc.). As a health care fraud attorney and HIPAA attorney, it is my opinion that only cases that have criminal intent should be prosecuted.
Posted by Tracy Green. Should you have any questions regarding your own situation or this post, you can email Tracy at tgreen@greenassoc.com. Green & Associates in Los Angeles, California focuses their practice on the representation of licensed professionals, individuals and businesses in civil, business, administrative and criminal proceedings. They have a specialty in representing licensed health care providers. Their website is: http://www.greenassoc.com/
