A press release issued by the United States Attorney's Office for the
Western District of Washington announced the first criminal convication in the U.S. under the health information privacy provisions of the Health Insurance Portability & Accountablity Act of 1996 (HIPAA).
In US v. Gibson, W.D. Wash. No.CR04-0374RFM, Mr. Gibson admitted that he obtained a cancer patient's name, date of birth and social security number while Gibson was employed at the Seatle Cancer Care Alliance, and that he disclosed that information to get credit cards in the patient's name. He racked up more than $9,000 in debt in the patient's name. The terms of the plea agreement include that Gibson should be sentenced to a term of 16 months in federal prison or nome confinement.
The press release stated: "Too many Americans have experienced identity theft and the nightmare of dealing with bills they never incurred. To be a vulnerable cancer patient, fighting for your life, and having to cope with identity theft is just unconscionable," stated United States Attorney John McKay. "This case should serve as a reminder that misuse of patient information may result in criminal prosecution."