Listen to this post

The U.S. Department of Justice announced on November 10 that five former employees of Methodist Hospital, based in Memphis, Tennessee, were indicted by a federal grand jury for allegedly selling the names and telephone numbers of hospital patients who were involved in automobile accidents. Roderick Harvey paid them for the information and then sold it to third parties, including personal injury attorneys and chiropractors.

The HIPAA violations occurred from 2017-2020. The HIPAA charges against each of the five individuals carry a maximum penalty of one year in prison, one year of supervised release, and a $50,000 fine. The ex-employees were also charged with conspiracy to disclose patient information, which carries a maximum penalty of five years in jail, three years of supervised release, and a $250,000 fine.

Harvey was charged with seven counts of “obtaining patient information with the intent to sell it for financial gain.” Each of the seven charges carries a maximum penalty of 10 years in prison and a $250,000 fine.

Sign up to receive Rivkin Rounds at