5 Former Tennessee Hospital Employees Charged with HIPAA Violations
Authorities claim the former employees sold patient data to a man who then sold it to personal injury lawyers and chiropractors.
Memphis, Tennessee — A federal grand jury on Thursday indicted five former Methodist Hospital employees for violating the Health Insurance Portability and Accountability Act (HIPAA). The U.S. Department of Justice (DOJ) alleges the former employees sold patient data to a man who then sold the information to others.
From November 2017 to December 2020, Kirby Dandridge, 38, Sylvia Taylor, 43, Kara Thompson, 30, Melanie Russell, 41, and Adrianna Taber, 26, were paid by Roderick Harvey, 40, to provide him with names and phone numbers of Methodist patients who had been involved in motor vehicle accidents, claimed the DOJ in a press release. After obtaining the information, Harvey allegedly sold it to others, including personal injury lawyers and chiropractors.
If convicted of conspiracy, the defendants could face up to five years in prison, a $250,000 fine, and three years of supervised release.
Dandridge, Taylor, Thompson, Russell, and Taber were each charged with separate violations of disclosing the information to Harvey in violation of HIPAA. That charge carries a maximum penalty of one year imprisonment, a $50,000 fine and a one-year period of supervised release.
The hospital issued the following statement about the charges:
At Methodist Le Bonheur Healthcare, we take the security of our patient’s private information very seriously. Once we became aware of the situation, we promptly took action and alerted the appropriate legal authorities. We’ve cooperated fully with their investigation and ensured each patient who was affected has been notified. While there is no evidence of financial information being disclosed, we are offering free credit reporting for those affected.”