The U.S. Attorney’s Office for the Western District of Tennessee has announced that six individuals have been sentenced for criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) for conspiring to disclose the protected health information of Methodist Hospital patients for financial gain.
Between November 2017 and December 2020, Roderick Harvey, 42, of Memphis, TN, paid five former employees of Methodist Hospital to provide him with the names and phone numbers of patients who had been involved in motor vehicle accidents. Harvey then sold the contact information of those patients to third parties, including personal injury attorneys and chiropractors.
HIPAA places restrictions on uses and disclosures of patient data and healthcare employees are not permitted to access and disclose patient data for reasons other than treatment, payment for healthcare, or healthcare operations without a patient’s knowledge and consent.
The criminal scheme was discovered, and Harvey was charged with criminal HIPAA violations. In April 2023, Harvey pled guilty to conspiring with Kirby Dandridge, Sylvia Taylor, Kara Thompson, Melanie Russell, and Adrianna Taber to unlawfully obtain and disclose patient data.
Harvey was recently sentenced to five years of probation for conspiring to violate HIPAA, with United States District Judge Thomas L. Parker stipulating that Harvey spend a year of that probationary period in home detention. Harvey must also pay a $50,000 financial penalty. In 2023, Kirby Dandridge, Sylvia Taylor, Kara Thompson, Melanie Russell, and Adrianna Taber pled guilty to disclosing patient data to Harvey in violation of HIPAA and have recently been sentenced.
- Kirby Dandridge – 1 year of probation and a $2,500 fine
- Sylvia Taylor – 1 year of probation and a $3,000 fine
- Kara Thompson – 2 years of probation
- Melanie Russell – 1 year of probation and a $1,000 fine
- Adrianna Taber – Time served plus 6 months on supervised release