Steve Alder reports:
Mark Kevin Robison, a former vice president of Commonwealth Health Corporation (now Med Center Health) in Kentucky has been sentenced to 2 years’ probation and ordered to pay $140,000 in restitution after reaching a plea agreement with federal prosecutors over a HIPAA violation.
Robison pled guilty to knowingly disclosing the protected health information of patients of Commonwealth Health Corporation (CHC) under false pretenses to an unauthorized third party between 2014 and 2015. Robison did not have authorization from the patients concerned nor from CHC to disclose the records.
While Vice President of CHC, Robison hired Randy Dobson as a patient account collection vendor for CHC. In March 2011, Robison and Dobson set up a corporation – OPTA LLC – in Kentucky. The pair were the only registered members and Robison was the registered agent. Dobson was developing a software solution and together the pair hoped to market the software to healthcare companies.
OPTA Kentucky was dissolved in 2014, and Delaware OPTA was incorporated the same year with Dobson listed as the sole owner. Delaware OPTA continued to develop the same software, and Robison hoped to share in the profits from the sale of the software when he left CHC. In 2014, Robison instructed the CHC IT department to share patient data with Dobson to test the software. The disclosures occurred between 2014 and 2015 without authorization from CHC or the patients concerned.
Read more at HIPAA Journal.