Archive for HIPAA Violations
Drug kingpin Stuart Seugasala was just convicted and sentenced on a string of federal charges that includes HIPAA violations in the course of running a violent drug trafficking ring in Alaska. Authorities said the trafficking ring imported and distributed illicit drugs, perpetrated armed home invasions, drive-by shootings, kidnappings, and sexual assaults.
The Alaska U.S. Attorney’s Office said it was the state’s first HIPAA conviction and one of only a few such cases nationwide.
Seugasala, 40, was sentenced May 15 to three life terms in prison following his conviction on drug trafficking and kidnapping charges earlier this year, but separate from that sentence was another 20 years for unauthorized access to medical records of two victims he hospitalized in 2013.
On March 13, 2013, Seugasala and his associates kidnapped, tortured, and sexually assaulted two men with a hot curling iron because one of the men owed them a large, past due debt on heroin, according to prosecutors. They said Seugasala ordered the rape to be videotaped so he could use the footage to intimidate other debtors.
One of the victims was so badly injured after three hours of torture that he was admitted to Providence Hospital in Anchorage. Two days later, Seugasala shot and wounded another man in an unrelated incident. That man also checked himself in to the hospital.
At that point, Seugasala contacted a friend who worked at the hospital–Stacy Laulu–and asked her via a text message to find out the extent of the men’s injuries and whether they were cooperating with police, prosecutors said.
They said Laulu, who was then employed as a financial counselor, accessed both men’s medical files and reported back to Seugasala, violating the men’s privacy rights.
According to prosecutors, Laulu’s husband, who was in jail on unrelated murder charges, was a close associate of Seugasala and the couple was receiving drug money from Seugasala.
Laulu was also convicted in January on the HIPAA felony violations and is scheduled for sentencing May 29. The maximum sentence is 10 years for each of those convictions. Three other members of the drug ring have also been sentenced or are due for sentencing in June.
Anthem subscribers are rallying together to file lawsuits in response to the cyberattack on the insurer that exposed the PHI of 80 million current and former Anthem subscribers, according to the Times Union.
Subscribers filed class-action lawsuits against Anthem in Alabama, California, Georgia, and Indiana. Each lawsuit seeks more than $5 million in damages.
The PHI of 5,117 patients treated at a physician group affiliated with St. Peter’s Health Partners in Albany, New York, was exposed when a manager’s cellphone was stolen, according to www.bizjournals.com.
The stolen cellphone had access to corporate email systems and PHI for patients of St. Peter’s Medical Associates, P.C., including:
- Patient names
- Dates of birth
- Days, times, and locations of medical appointments
- General descriptions of reasons for appointments
The PHI was primarily limited to that of patients treated from August to November 2014. Health system officials learned of the cellphone theft November 24, 2014. Home addresses and phone numbers of two patients were listed in an email that could be accessed from the phone. The health system notified all affected patients, according to www.bizjournals.com.
Indiana Attorney General Greg Zoeller recently reached a $12,000 settlement for HIPAA violations with a former dentist accused of improperly disposing of medical records, according to Legal Newsline.
The Indiana Board of Dentistry revoked Joseph Beck’s license to practice in Indiana over allegations of negligence and fraudulent billing practices. More than 60 boxes of medical records of patients treated by Beck from 2002 to 2007 were found in an Indianapolis dumpster in 2013, not long after his license was revoked. The boxes contained the PHI of more than 5,600 patients including full names, phone numbers, addresses, and Social Security numbers, according to Legal Newsline.
Beck allegedly hired the third-party vendor Just the Connection, Inc., in Carmel, Indiana, to dispose of the records, according to Legal Newsline.
The St. Louis County Health Department recently discovered that a document containing PHI was emailed to the personal account of a former employee, according to the St. Louis Post-Dispatch.
The document listed names and Social Security numbers of inmates treated at Buzz Westfall Justice Center in Clayton, Missouri, from 2008 through 2014. The St. Louis County Health Department instructed the former employee to delete the document. The department did not identify the former employee by name, but said she resigned in November 2014 after being employed by the department for 25 years. The former employee held a clerical position and her duties involved verifying medical claims information for inmates, the St. Louis Post-Dispatch reported.
The health department notified authorities and affected patients of the breach, although there is no indication that the information in the PHI in the document was misused. The department is taking precautions to ensure an incident like this will not occur again. It will continue conducting annual HIPAA training, according the St. Louis Post-Dispatch.