A former researcher at the UCLA School of Medicine has been sentenced to four months in federal prison for violations of the HIPAA privacy rule.

Huping Zhou, a cardiothoracic surgeon in China before immigrating to the United States, was employed at UCLA in 2003. On Oct. 23, 2003, he received a notice of intent to dismiss him for performance reasons that did not include illegal access of medical records. That evening, he accessed medical records of his superior and co-workers, and during three other periods during the next four weeks accessed UCLA patient records, many of them involving celebrities, a total of 323 times, according to the FBI office in Los Angeles.

Charges were filed in 2009 and Zhou pleaded guilty in January 2010 to four misdemeanor counts of illegally reading private and confidential medical records. He faced up to four years in prison. A FBI spokesperson did not have information on why charges were not filed until six years after patient records were accessed. There is no evidence Zhou improperly used or attempted to sell the information he accessed, according to the FBI.

UCLA learned of Zhou's inappropriate accesses of patient information in early 2004, according to a spokesperson. "Mr. Zhou was able to access finformation following his termination due to a delay in UCLA's termination of his access codes," the spokesperson says. "UCLA has since developed a stronger process to ensure prompt termination of access codes when employees leave UCLA employment." UCLA released the following statement:

"The UCLA Health System cooperated fully with the U.S. Attorney's office in its ongoing investigation of violations of the Health Information Portability and Accountability Act (HIPAA), including with its prosecution of former UCLA employee, Huping Zhou. Mr. Zhou's employment at UCLA was terminated in November 2003.

"After a subsequent internal investigation revealed that he had inappropriately accessed patient files, UCLA provided the U.S. Attorney's office with all relevant information regarding Mr. Zhou.

"UCLA considers patient confidentiality a critical part of our mission of providing the highest level of teaching, research and patient care and fully supports the U.S. Attorney's initiatives to protect patient privacy by vigorous enforcement of HIPAA.

"During the past two years the UCLA Health System has put in place a number of safeguards to help ensure patient confidentiality including:

* "Expanded the auditing capabilities of our information systems and more than doubled the number of individuals who we proactively audit to ensure their privacy is maintained.

* "Evaluated and enhanced our clinical information systems to reduce the risk of information security violations.

* "Implemented a mandatory and expanded HIPAA training and certification module required for all physicians, staff and students.

"The UCLA Health System is committed to seeking ways to improve and enhance our policies, procedures and infrastructure to ensure the confidentiality of our patients' medical records."

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access