The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Five Former Tennessee Hospital Employees Charged with Criminal HIPAA Violations

Posted By on Nov 15, 2022

Five former employees of Methodist Hospital in Tennessee have been indicted by a federal grand jury in Memphis for criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) for impermissibly accessing the protected health information of patients and providing that information to another individual for financial gain.

According to the indictment, between November 2017 and December 2020, Roderick Harvey, 40, conspired with five former hospital employees and paid them to provide him with the names and telephone numbers of patients who had been involved in motor vehicle accidents. Harvey then sold that information to third parties such as personal injury lawyers and chiropractors.

The former Methodist Hospital employees – Kirby Dandridge, 38, Sylvia Taylor, 43, Kara Thompson, 30, Melanie Russell, 41, and Adrianna Taber, 26 – and Harvey were charged with conspiracy to obtain patient information with the intent to sell, transfer or use such information for personal gain, the maximum penalty for which is five years in jail, three years of supervised release, and a financial penalty of up to $250,000. Each of the five employees was also charged with separate criminal violations of HIPAA for disclosing patient information to Harvey, with those charges carrying a maximum penalty of one year in jail, one year of supervised release, and a fine of up to $50,000.

Harvey has been charged with seven counts of obtaining patient information with the intent to sell the information for financial gain, with the offenses occurring from November 12, 2017, to September 7, 2019. Harvey faces up to 10 years in jail, a fine of up to $250,000, and three years of supervised release for each charge.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Methodist Le Bonheur Healthcare discovered the unauthorized access, terminated the employees for the HIPAA violations, and reported the employees to law enforcement. The case was investigated by the Federal Bureau of Investigation and the Tennessee Bureau of Investigation, with the case prosecuted by Assistant United States Attorney Carroll L. André III.

Update on charges, pleas, and sentencing

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist