June 30, 2011

HIPAA-Based Criminal Indictment for Communicating with Patient’s Employer

A Virginia physician has become the first person criminally indicted under the Health Insurance Portability and Accountability Act (HIPAA) for communicating with a former patient’s employer.

According to the United States Attorney for the Eastern District of Virginia, Dr. Richard Kaye, the former Medical Director of the Psychiatric Care Center at Sentara Obici Hospital in Suffolk, Virginia, revealed protected health information on three separate occasions when he contacted a former patient’s employer and expressed his view that the former patient posed “a serious and imminent threat to the safety of the public.”  Dr. Kaye’s three alleged criminal violations occurred in February 2008.  Dr. Kaye discharged the patient in September 2007 because, according to his discharge summary, the patient was stable and posed no threat.

Criminal prosecutions under HIPAA, though rare, usually contain allegations that the charged individual obtained or disclosed protected health information for fraud or identity theft purposes.  This allegation is unique; the indictment does not claim that Dr. Kaye disclosed the protected health information for personal or malicious purposes.  In fact, the indictment is void of any supposed motive for Dr. Kaye’s actions.  If convicted, Dr. Kaye’s case could expand conduct deemed criminal under HIPAA.

If the allegations are proved to be true, Dr. Kaye faces a maximum fine of $100,000 and/or five years in prison.

This post was contributed by Aaron Mensh.