HIPAA Regulatory Alert

Guilty plea in first HIPAA privacy case

A SeaTac, WA, man pleaded guilty in federal court to wrongful disclosure of individually identifiable health information for economic gain. The guilty plea entered by Richard Gibson, 42, was the first criminal conviction under the HIPAA privacy rule, according to the U.S. Attorney in the Western District of Washington.

In a plea agreement, Gibson admitted that he obtained a cancer patient’s name, date of birth, and Social Security number while he was employed at the Seattle Cancer Care Alliance and used that information to get four credit cards in the patient’s name. Gibson used the cards to spend more than $9,000 in the patient’s name, buying video games, home improvement supplies, apparel, jewelry, porcelain figures, groceries, and gasoline for his personal use. He was fired from the job shortly after the identity theft was discovered.

The plea agreement sets forth a sentencing range of 10-16 months in prison followed by a period of supervised release.