A Texas woman will spend more than two years in federal prison in a HIPAA-related case for her part in “breaching” what the federal government called a “protected computer” owned by an unidentified health care provider. The 30-month sentence U.S. District Judge Sean D. Jordan imposed on Amanda Lowry in July stems from her December guilty plea to the charge of conspiracy to obtain information from a protected computer. Two others have also pleaded guilty in the case; one is awaiting sentencing.
The case serves as yet another reminder of the reality—not just the threat—that thieves, perhaps working on the inside, will steal and monetize protected health information, sometimes running it through a wide and complicated operation. If and when they are caught, the consequences for them can be severe, and covered entities and business associates are also left picking up the pieces and, hopefully, hardening their security.