This was one of the first federal criminal prosecutions in Arkansas for accessing patient records out of curiosity when a physician and two former employees of St. Vincent Infirmary Medical Center (SVIMC) in Little Rock, Arkansas, pleaded guilty to misdemeanor violations of the privacy provisions of the HIPAA on July 20, 2009.
The records that were illegally accessed related to Anne Pressly, a local television personality who was brutally beaten by a home intruder on October 20, 2008 and had died at SVIMC on October 25.
The accused pleaded that they had accessed patient records out of curiosity. However, all of them admitted that they were quite aware of HIPAA and its privacy rules and that they had participated in HIPAA training provided by SVIMC.
Dr. Jay Holland who is the medical director for Select Specialty Hospital located on one floor within SVIMC and is involved in the case admitted that he logged into the medical center’s electronic medical record system from home seeking to quench his curiosity in order to determine the accuracy of a television news report concerning Ms. Pressly. Sarah Elizabeth Miller, an account representative for SVIMC, admitted that she had peeped in Ms. Pressley’s medical records twelve times, and Candida Griffin, an emergency room unit coordinator, accessed the file on three occasions.
SVIMC has terminated Miller’s and Griffin’s employment and has suspended Dr. Holland for two weeks and ordered him to complete additional HIPAA training. Each of the individuals faces up to a year in jail and a $ 50,000 fine for the violation they admitted. Sentencing should take place within the next two months. In determining the actual sentence, the federal judge will consult the advisory U.S. Sentencing Guidelines, but they are not bound by those guidelines in determining a sentence.
