A 30-year-old Oklahoma City woman pleaded guilty to one count of a criminal violation of the privacy protection provisions of the Health Insurance Portability and Accountability Act of 1996, according to a news release by U.S. Attorney John Richter for the Western District of Oklahoma.
Leslie Howell was an employee of an unnamed Oklahoma City counseling center when she allowed two people to take files from her workplace that contained individually identifiable health information, the release said. Because there was intent to obtain personal gain, prosecutors were able to seek the most severe HIPAA privacy penalty against Howell, who now faces up to 10 years in prison and a fine of up to $250,000.
According to an Associated Press account, Howell was indicted Feb. 15 and accused of providing more than 100 patient files to a pair of accomplices.
The more recent release from Richters office stated that Howell allowed Ryan Jay Meckenstock and Nicole Lanae Stevenson, both of Oklahoma City, to obtain patient files. In October 2007, both Meckenstock and Stevenson pleaded guilty to federal charges of fraudulently obtaining credit cards and aggravated identity theft. Neither Meckenstock nor Stevenson were charged with HIPAA violations, however, as a controversial 2005 advisory issued by the legal counsel office of the Justice Department limited the ability of federal prosecutors to charge individuals with criminal HIPAA violations.