First HIPAA Violator Gets 16-Month Jail Term

November 8, 2004 ( - A federal judge has slapped a former cancer treatment facility worker with a 16-month jail term for violating federal privacy laws by stealing a cancer patient's identity to get four credit cards in the patient's name.

>In imposing the sentence on Richard Gibson who had pleaded guilty to the charges this summer (See HIPAA Notches its First Conviction ), US District Judge Ricardo Martinez called Gibson’s conduct “some of the most deplorable I’ve seen in 15 years on the bench,” according to a Seattle US Attorney’s Office statement quoted by Thompson.Com.

>Gibson stood accused of violating the privacy provisions of Health Insurance Portability and Accountability Act (HIPAA) – the first person to be criminally convicted of that federal statute.

>According to Thompson, Gibson admitted obtaining the patient’s name, date of birth and Social Security number and disclosing this information to get credit cards in the patient’s name. He told the court he was “very sorry” and “wasn’t thinking [he] was going to hurting someone.” John McKay, the US attorney in Seattle, said Gibson also admitted he used the cards to rack up more than $9,000 in debt, buying video games, jewelry, and other personal items, the government said. Gibson was fired shortly after the identity theft was discovered.

>However, Martinez called the identity theft “a vicious attack on someone fighting for his life.” In addition to the prison term, he sentenced Gibson to three years of supervised release and more than $9,000 in restitution.