5 former Tennessee hospital workers charged with HIPAA violations

Authorities say the former employees sold patient data to a man who then sold it to personal injury lawyers and chiropractors.

Memphis, TN – A federal grand jury on Thursday indicted five former Methodist Hospital employees for violating the Health Insurance Portability and Accountability Act (HIPAA). The US Department of Justice (DOJ) alleges that former employees sold patient data to a man who then sold the information to others.

From November 2017 to December 2020, Kirby Dandridge, 38, Sylvia Taylor, 43, Kara Thompson, 30, Melanie Russell, 41, and Adrianna Taber, 26, were paid by Roderick Harvey, 40, to provide him the names and phone numbers of Methodist patients who had been involved in motor vehicle crashes, the DOJ said in a news release. After obtaining the information, Harvey allegedly sold it to others, including personal injury lawyers and chiropractors.

If convicted of conspiracy, the defendants face up to five years in prison, a $250,000 fine and three years of probation.

Dandridge, Taylor, Thompson, Russell and Taber were each charged with separate violations of disclosing information to Harvey in violation of HIPAA. This charge carries a maximum penalty of one year in prison, a $50,000 fine and a one-year probation period.

The hospital released the following statement regarding the charges:

At Methodist Le Bonheur Healthcare, we take the security of our patients’ private information very seriously. Once we became aware of the situation, we quickly took action and alerted the relevant legal authorities. We have cooperated fully with their investigation and have ensured that each affected patient has been informed. Although there is no evidence of disclosure of financial information, we offer free credit reports to those concerned.