University of Pittsburgh Medical Center Staff Punished for Criminally Violating HIPAA Regulations

An ex-employee at the University of Pittsburgh Medical Center, who is the patient information coordinator, was charged by a federal grand jury with criminal violations of HIPAA policies, as stated in the Department of Justice declaration on June 29, 2018.

Linda Sue Kalina, 61, who resides in Butler, Pennsylvania, was charged with a six-count indictment which involves wrongfully getting and exposing the protected health information (PHI) of 111 persons.

Kalina was employed at the University of Pittsburgh Medical Center and the Allegheny Health Network from March 30, 2016 to August 14, 2017. While doing her job at the healthcare establishments, Kalina is purported to have seen the PHI of patients without authorization or any legitimate job-related reason for undertaking it.

In addition, Kalina is purported to have stolen sensitive information and, in four different times from December 30, 2016 to August 11, 2017, exposed that data to 3 persons with the purpose to do malicious damage.

Kalina got detained after an investigation done by the Federal Bureau of Investigation. The Department of Justice took the case and Kalina is being charged by Carolyn Block, Assistant United States Attorney, for the U.S. government.

In the event that Kalina is judged guilty on all charges, she faces about 11 years imprisonment and may be directed to pay a penalty of approximately $350,000. The sentence shall be influenced by the extent of the criminal acts and any preceding criminal convictions.

The Department of Justice is determined in pursuing cases on persons who break HIPAA policies and impermissibly accessing and exposing PHI with malicious purpose. There were a few more cases in 2018 where previous health employees had been charged for criminal HIPAA violations. The following three cases ended up with imprisonment:

In February, Jeffrey Luke, 29, a past behavioral analyst at the Transformations Autism Treatment Center in Bartlett, TN, was sentenced to One month imprisonment, 3 years monitored discharge, and was directed to pay $14,941.36 in fines after downloading to his PC the sensitive information of 300 present and past patients.

In April, Annie Vuong, 31, a past receptionist at a dental practice in New York, was sentenced to 2 to 6 years imprisonment for theft of the 650 patients’ PHI and giving that data to two people who utilized the information to accumulate substantial financial obligations in the patients’ accounts.

In June, Albert Torres, 51, an ex- worker at the Veteran Affairs Medical Center in Long Beach, CA, was charged with stealing the protected health information of 1,030 patients and identity theft after pleading guilty and is going to serve three years in prison.