MEMPHIS, Tenn. — Five former Methodist Hospital employees have been charged with HIPAA violations, according to the United States Department of Justice.

Kirby Dandridge, Sylvia Taylor, Kara Thompson, Melanie Russell, and Adrianna Taber were indicted by a federal grand jury in Memphis.

According to the DOJ, the indictment states that between November 2017 and December 2020, a man identified as Roderick Harvey paid the Methodist Hospital employees to give him the names and phone numbers of patients who had been involved in motor vehicle accidents.

The DOJ says Harvey then sold that information to other people, including personal injury attorneys and chiropractors.

Dandridge, Taylor, Thompson, Russell, and Taber have all been charged with violating HIPAA by disclosing that information to Harvey.

Rachel Powers Doyle, spokesperson for Methodist Le Bonheur Healthcare, released a statement on the case.

At Methodist Le Bonheur Healthcare, we take the security of our patient’s private information very seriously. Once we became aware of the situation, we promptly took action and alerted the appropriate legal authorities. We’ve cooperated fully with their investigation and ensured each patient who was affected has been notified. While there is no evidence of financial information being disclosed, we are offering free credit reporting for those affected.

The Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPAA, protects patient information from being released without the patient’s knowledge or consent.

The DOJ says HIPAA violation charges carry a maximum penalty of one year in prison, a $50,000 fine, and one year of supervised release.

Harvey has been charged with seven counts of obtaining patient information with the intent to sell it for financial gain from November 12, 2017, to September 7, 2019. The DOJ says each of the charges carries a maximum of 10 years in prison, a fine of $250,000, and three years of supervised release.

The DOJ says the FBI and TBI investigated the case.