The US Attorney’s Office for the Eastern District of Texas recently announced that a former employee of an East Texas hospital has been sentenced to 18 months in federal prison for criminal HIPAA violations. Although we frequently report on any civil penalties imposed by the Office for Civil Rights of the Department of Health and Human Services for civil violations of HIPAA, HIPAA also includes the imposition of criminal fines and penalties if protected health information is used for profit, gain or harm.

In this case, the hospital worker pleaded guilty to wrongful disclosure of protected health information (PHI). The US Attorney’s office reported that from December 2012 through January 2013, the employee obtained PHI of patients of the hospital with the intent to use it for personal gain. It is reported that the PHI was discovered in his possession when he was arrested in Georgia and an investigation ensued.

In addition to jail time, the defendant’s sentence includes a three-year supervised release and he has to pay $12,152 in restitution.