Ninth Circuit Holds that Knowledge of HIPAA Is Not Necessary for Criminal Conviction

more+
less-

[author: Adam H. Greene]

On May 10, 2012, the United States Court of Appeals for the Ninth Circuit held that an individual may be criminally convicted of knowingly obtaining health information in violation of HIPAA, even if the individual did not know that the access was illegal. The decision serves as a reminder to health care providers, health plans, and their business associates that ignorance of the law is not an excuse to criminal prosecution with respect to HIPAA, and that significant repercussions may result from accessing patient information without a valid reason.

Davis Wright Tremaine did not handle this case and the following account was drawn from public records. The case involves Huping Zhou, a former research assistant at University of California at Los Angeles Health System (UCLA). UCLA terminated Zhou, effective Nov. 14, 2003. After his termination, Zhou looked up patient records of celebrities and co-workers on at least four separate occasions. The U.S. Attorney’s Office for the Central District of California brought criminal charges for a misdemeanor violation of HIPAA’s prohibition of “knowingly” obtaining individually identifiable health information in violation of HIPAA. Zhou filed a motion to dismiss on the grounds that he did not know it was illegal to obtain the health information and, therefore, did not act “knowingly.” The magistrate judge dismissed Zhou’s motion, and Zhou then submitted a conditional guilty plea, reserving the right to appeal the dismissal. The trial court sentenced Zhou to four months in prison, a $2,000 fine, and a $100 special assessment.

The Ninth Circuit affirmed the denial of Zhou’s motion to dismiss, finding that, with respect to the criminal HIPAA statute, “knowingly” applies only to the act of obtaining health information (knowledge of the law is irrelevant). This case has significant relevance to covered entities and business associates in that it sets a relatively low bar on what conduct may be deemed a criminal violation of HIPAA.

One potential benefit of this case to covered entities and business associates is that it can be used as a teaching moment, to remind employees that fates even worse than termination (such as criminal prosecution) can result from viewing medical records to satisfy curiosity or for other impermissible reasons.

 

Published In: Administrative Agency Updates, Criminal Law Updates, Health Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »