Tripping on the heels of the HIPAA criminal charges against Chelsea Catherine Stewart for theft of patient information, (see my previous post on June 14, 2011), a physician was indicted June 21, 2011 on three counts of HIPAA violations in the U.S. District Court for the Eastern District of Virginia. Dr. Richard Alan Kaye, a licensed osteopath and board certified in psychiatry, was formerly the medical director of the Psychiatric Care Center at the Sentara Obici Hospital in Suffolk, Virginia, and had treated the patient whose individually identifiable health information was allegedly disclosed without authorization.
According to the U.S. Attorney's Office for the Eastern District of Virginia, Dr. Kaye had provided in-patient mental health treatment to a patient and upon the patient's discharge in September of 2007, he had indicated in the discharge summary that the patient was not a danger to others. Despite this, in February of 2008, Dr. Kaye disclosed information on three occasions to an agent of the patient's employer under "false pretenses" that the patient was a serious and imminent threat to the safety of the public.
According to the Virginia Board of Medicine, the Board had already investigated the incidents and fined Dr. Kaye $5,000 for "one patient case of releasing confidential information and breach of confidentiality" in May 2010. He was placed on probation until he completed eight hours in professional ethics. Dr. Kaye's license was restored by the Board on October 4, 2010 after compliance with the terms of his probation.
What makes this indictment against Dr. Kaye unique among previous HIPAA criminal prosecutions, however, is that it alleges false pretenses for wrongful disclosures made to an employer. As it is unclear what the motive for Dr. Kaye's actions was in disclosing the information to the employer, one has to wonder what the "trigger" was that led to the FBI's involvement and U.S. Attorney's criminal charges. Criminal prosecution under HIPAA is still a rare, albeit increasing occurrence, especially in comparison to the number of HIPAA violations investigated by OCR each year.
Under § 1320d-6(b)(2), Dr. Kaye could face a fine of up to $100,000 and up to five years in jail if convicted of disclosing the information under "false pretenses." Dr. Kaye is scheduled to be arraigned on July 13. A copy of the press release can be found here.