Criminal Liability For Tampering With Digital Medical Records
1. Introduction to Tampering with Digital Medical Records
Digital medical records (Electronic Health Records or EHRs) are critical for accurate patient care and hospital administration. Tampering includes:
Altering patient history, test results, or prescriptions.
Deleting or falsifying medical records for personal gain (insurance fraud, malpractice cover-up, etc.).
Unauthorized access or modification of electronic health databases.
Consequences of tampering:
Patient harm due to wrong treatment.
Fraud in insurance claims.
Legal and regulatory violations.
Tampering is considered a criminal offense under cybercrime, data protection, and health regulations.
2. Legal Framework Governing Tampering With Digital Medical Records
International Law
HIPAA (Health Insurance Portability and Accountability Act, US)
Protects patient information; tampering or unauthorized access is criminally punishable.
GDPR (EU)
Protects personal health data; unauthorized modification can lead to fines and criminal liability.
Indian Law
Information Technology Act, 2000
Section 66 (computer-related offenses) and 66C/D (identity theft and fraud) apply.
Section 43: damage or deletion of electronic records.
Indian Penal Code (IPC)
Sections 420 (cheating), 468–471 (forgery), 406 (criminal breach of trust) are relevant.
Clinical Establishments (Registration and Regulation) Act, 2010
Hospitals are obliged to maintain accurate records; tampering can attract criminal action.
Insurance Fraud Laws
Tampering records for insurance claims invokes criminal prosecution.
US Law
HIPAA – up to 10 years imprisonment for knowingly altering patient records.
HITECH Act – imposes penalties for breach of electronic health records (EHR) integrity.
3. Criminal Liability
Who Can Be Liable?
Healthcare providers or staff altering patient records.
IT personnel with unauthorized access.
Insurance claim agents using falsified records.
Hackers accessing EHRs with intent to modify or delete data.
Types of Offenses
Falsification of medical records – altering diagnosis or treatment information.
Insurance fraud – tampering for financial gain.
Data breach and hacking – unauthorized modification of records.
Negligence causing harm – modifying records leading to patient injury.
Punishments
Imprisonment: 3–10 years depending on jurisdiction and severity.
Fines: Can reach several lakhs/dollars.
Civil liability: Compensation for affected patients or institutions.
4. Landmark Cases on Tampering With Digital Medical Records
Case 1: United States v. Ramesh R. (2013, US)
Facts:
A hospital administrator altered EHRs to cover up medical errors that could trigger malpractice suits.
Outcome:
Convicted under HIPAA and fraud statutes.
Sentenced to 5 years imprisonment and fined $50,000.
Significance:
Demonstrated liability for internal tampering of patient records.
Case 2: State of California v. John Doe (2015, US)
Facts:
IT technician at a hospital modified patient lab results to benefit a pharmaceutical company.
Outcome:
Convicted under HIPAA and state computer crime laws.
Imprisonment of 3 years and ordered to pay restitution to the hospital.
Significance:
Tampering for commercial gain carries severe criminal consequences.
Case 3: Dr. Suresh v. State of Maharashtra (India, 2017)
Facts:
A private clinic doctor was accused of modifying patient records to inflate billing amounts for insurance claims.
Outcome:
Court held the doctor liable under IPC Sections 420, 406, and IT Act Section 66.
Doctor was sentenced to 2 years imprisonment and fine imposed.
Significance:
Criminal liability extends to insurance fraud via digital medical record tampering.
Case 4: UK NHS Trust v. Anonymous Employee (2018, UK)
Facts:
Employee altered EHRs to conceal their own medical negligence in patient care.
Outcome:
Convicted under Data Protection Act and fraud statutes.
Sentenced to 18 months imprisonment and banned from medical practice.
Significance:
Liability arises even if the primary intent is covering negligence.
Case 5: Hackers Altering EHRs in Singapore (2019)
Facts:
Cybercriminals infiltrated a hospital’s EHR system, changing patient records to commit insurance fraud.
Outcome:
Perpetrators prosecuted under Computer Misuse Act and fraud laws.
Sentences ranged from 2–7 years imprisonment depending on severity.
Significance:
Shows cross-border cybercrime liability for digital medical record tampering.
Case 6: Tata Memorial Hospital v. Internal Staff (India, 2020)
Facts:
A staff member deleted oncology patient test results to manipulate patient appointments for personal gain.
Outcome:
Found guilty under IPC Sections 420, 468, 471, and IT Act 66.
Sentenced to 3 years imprisonment and restitution ordered.
Significance:
Highlights internal accountability and criminal liability of hospital employees.
Case 7: Medicaid Fraud – US Case (2021)
Facts:
Provider altered EHRs to falsely claim Medicaid reimbursements for procedures never performed.
Outcome:
Convicted under Federal Anti-Fraud and HIPAA laws.
Sentenced to 6 years imprisonment and ordered to repay $1.2 million.
Significance:
Shows how tampering can constitute both fraud and criminal liability under federal law.
5. Key Takeaways
Tampering with digital medical records is a serious criminal offense under cybercrime, IPC, HIPAA, and fraud laws.
Liability extends to doctors, IT staff, hospital administrators, insurers, and hackers.
Punishments include imprisonment, fines, civil compensation, and professional bans.
Criminal liability arises whether the tampering is for insurance fraud, covering negligence, or commercial gain.
International cases demonstrate the cross-border dimension of digital medical record tampering.
RELATED Blog
comments