There are some cautionary tales and lessons in the strange case of Huping Zhou, 47, who once worked for the UCLA Health System, until he was fired for poor performance, and who now finds himself facing hard time for HIPAA privacy violations.

Here’s where it gets strange for both UCLA and the Chinese surgeon.

First, UCLA gave Zhou advance notice that he was going to be let go based on performance issues. Second, Zhou then decided it was time to snoop on his administrators’ and coworkers’ medical files. Third, he didn’t stop there, and soon he was copping looks at celebrity health records. When he was done, he had accessed patient records 323 times, all in violation of the privacy rule of the Health Insurance Portability and Accountability Act (HIPAA).

A couple of weeks back, circumstances caught up with Zhou, and the long arm of the law sentenced him to four months in a federal prison for his illegal prying. Zhou thus becomes the first person ever to serve time for HIPAA violations, according to the U.S. Attorney’s Office for the Central District of California.

The lesson for Zhou, of course, is work hard and don’t break the law, and for UCLA it’s "don’t telegraph termination notices." Do it on the spot (with proper record-keeping and justification, of course).

Employers who offer health insurance to their workforces and who thus handle any type of private health-related information are also subject to the HIPAA privacy and security rules.