Healthcare Employee Indicted for Criminal HIPAA Violations

A former patient information coordinator at the University of Pittsburgh Medical Center has been indicted by a federal grand jury for criminal HIPAA violations, according to an announcement by the U.S. Department of Justice announcement on June 29, 2018.

Linda Sue Kalina, 61, who lives in Butler, Pennsylvania, has been charged in a six-count indictment that includes wrongfully acquiring and disclosing the protected health information of 111 patients.

Kalina was employed by University of Pittsburgh Medical Center and the Allegheny Health Network from March 30, 2016 to August 14, 2017. While working at the healthcare companies, Kalina is alleged to have viewed the PHI of patients when there was no legitimate work reason for doing so, and has been accused of stealing PHI on four occasions between December 30, 2016 and August 11, 2017. After illegally obtaining the PHI, Kalina has been accused of providing that information to three people with the intention to cause harm.

Kalina was arrested following an investigation conducted by the FBI. The case is now being pursued by the Department of Justice. Assistant United States Attorney, Carolyn Bloch, is the prosecutor.

If Kalina is found guilty on all counts, she faces up to 11 years in prison and can face a maximum fine of $350,000. The sentence will be determined by the severity of the offenses and any previous criminal convictions.

The Department of Justice has made it clear that the theft of PHI is a serious matter, and healthcare employees will be punished to the full extent of the law. There have been several other cases pursued by the Department of Justice in 2018, three of which have resulted in prison sentences.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

  • In June 2018, Albert Torres, 51, a former employee at the Veteran Affairs Medical Center in Long Beach, CA, was convicted over the theft of the PHI of 1,030 patients and sentenced to serve 3 years in jail.
  • In April, 2018, Annie Vuong, 31, a former receptionist at a dental practice in New York, was sentenced to serve 2 to 6 years in prison for stealing the PHI of 650 patients and providing that information to two persons who used the data to commit credit card fraud.
  • In February, Jeffrey Luke, 29, a former behavioral analyst at the Transformations Autism Treatment Center in Bartlett, TN, was sentenced to 1 month in prison, 3 years supervised release, and was instructed to pay $14,941.36 in indemnity after downloading the PHI of 300 current and former patients to his personal computer.
About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: