United States v. Huping Zhou, 678 F.3d 1110

OPINION

M. SMITH, Circuit Judge:

Defendant-Appellant Huping Zhou, a former research assistant at the University of California at Los Angeles Health System (UHS), accessed patient records without authorization after his employment was terminated. In an information, the government charged him with violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which imposes a misdemeanor penalty on “[a] person who knowingly and in violation of this part ... obtains individually identifiable health information relating to an individual^]” 42 U.S.C. § 1320d-6(a)(2) (emphasis added). Zhou moved to dismiss the information because it did not allege that Zhou knew that the statute prohibited him from obtaining the health information. The district court denied the motion to dismiss. Zhou entered a conditional guilty plea, reserving the right to appeal the denial of his motion to dismiss.

We have jurisdiction under 28 U.S.C. § 1291, and we affirm the district court because the plain text of Section 1320d-6(a)(2) is not limited to defendants who knew that their actions were illegal. Rather, the misdemeanor applies to defendants who knowingly obtained individually identifiable health information relating to an individual, and obtained that information in violation of HIPAA.

FACTUAL AND PROCEDURAL BACKGROUND

Zhou was hired as a research assistant in rheumatology at UHS on February 2, 2003. On October 29, 2003, UHS issued Zhou a notice of intent to dismiss due to “continued serious job deficiencies and poor judgment.” On November 12, 2003, after a formal internal grievance hearing, Zhou received a dismissal letter effective November 14, 2003.

After his termination on November 14, 2003, there were at least four instances, on November 17 and 19, in which Zhou accessed patient records without authorization. The information charged Zhou with crimes only for accessing patients’ medical information after he was terminated and no longer treating patients at the hospital.

HIPAA provides that: “[a] person who knowingly and in violation of this part— (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, shall be punished as provided in subsection (b).” 42 U.S.C. § 1320d-6(a).

On November 17, 2008, Zhou was charged by information under subsection 2 of that HIPAA provision. The four misdemeanor counts in the information stated that Zhou “knowingly and for reasons other than permitted by Title 42 United States Code Chapter 7, Subchapter XI, Part C, obtained and caused to be obtained individually identifiable health information relating to an individual....” Each count alleged access to a patient record after Zhou’s termination.

On October 19, 2009, Zhou moved to dismiss the information, arguing that the information did not allege that he knew that it was illegal to obtain the health information. On November 12, 2009, the magistrate judge denied the motion in a ruling from the bench.

In pretrial filings, the government proposed a jury instruction that defined the elements of the crime as:

(1) That the defendant knowingly obtained individually identifiable health information relating to another individual; and

(2) That the defendant obtained this individually identifiable health information for a purpose other than permitted by Title 42, United States Code, Chapter 7, Subchapter XI, Part C.

Zhou proposed a jury instruction that defined the elements as:

First: That the Defendant obtained individually identifiable health information relating to another individual.

Second: That the Defendant obtained the information for a purpose other than permitted by Title 42, U.S.C. Chapter 7, Subchapter XI, Part C.

Third: That the Defendant obtained the information knowing that his obtaining this information was in violation of the criminal laws as set forth in statute[.]

On December 14, 2009, during a pretrial conference, the court stated that it planned to adopt the government’s proposed jury instruction, although it would be open to changing its mind.

On January 8, 2010, Zhou entered a conditional guilty plea, reserving his right to appeal the court’s denial of his motion to dismiss the information. Zhou was sentenced to four months in prison, followed by a year of supervised release, a $2,000 fíne, and a $100 special assessment. Zhou filed a timely notice of appeal.

STANDARD OF REVIEW

We review de novo the denial of a motion to dismiss the information. United States v. Marcucci, 299 F.3d 1156, 1158 (9th Cir.2002).

DISCUSSION

An indictment or information must meet the requirements of both the Due Process Clause and Federal Rule of Criminal Procedure 7. Under the Due Process Clause, an indictment or information is sufficient if it “first, contains the elements of the offense charged and fairly informs a defendant of the charge against which he must defend, and, second, enables him to plead an acquittal or conviction in bar of future prosecutions for the same offense.” Hamling v. United States, 418 U.S. 87, 117, 94 S.Ct. 2887, 41 L.Ed.2d 590 (1974). Federal Rule of Criminal Procedure 7 requires that an indictment or information “be a plain, concise, and definite written statement of the essential facts constituting the offense charged.” Fed.R.Crim.P. 7(c)(1). “An indictment is sufficient if it contains the elements of the charged crime in adequate detail to inform the defendant of the charge and to enable him to plead double jeopardy.” United States v. Buckley, 689 F.2d 893, 896 (9th Cir.1982).

Zhou contends that the information failed to meet these requirements because it did not explicitly state that Zhou knew that obtaining the health information was illegal. He argues that “knowingly,” as used in 42 U.S.C. § 1320d-6(a), modifies “in violation of this part.” Under Zhou’s interpretation of the statute, a defendant is guilty only if he knew that obtaining the personal healthcare information was illegal.

We reject Zhou’s argument because it contradicts the plain language of HIPAA. The statute’s misdemeanor criminal penalty applies to an individual who “knowingly and in violation of this part ... obtains individually identifiable health information relating to an individual.” 42 U.S.C. § 1320d-6(a)(2) (emphasis added). The word “and” unambiguously indicates that there are two elements of a Section 1320d-6(a)(2) violation: 1) knowingly obtaining individually identifiable health information relating to an individual; and 2) obtaining that information in violation of Title 42 United States Code Chapter 7, Subchapter XI, Part C. Thus, the term “knowingly” applies only to the act of obtaining the health information.

If the statute did not contain “and,” then Zhou’s argument might be more persuasive. However, we cannot ignore “and” because its presence often dramatically alters the meaning of a phrase. Without “and,” the Second Amendment would guarantee “the right of the people to keep bear arms,” Leo Tolstoy would have published “War Peace,” and James Taylor would have confusingly crooned about “Fire Rain.” To overlook “and” would be to violate “an important rule of statutory construction — that every word and clause in a statute be given effect.” United States v. Williams, 659 F.3d 1223, 1227 (9th Cir.2011).

When the plain language of a statute is clear, it is unnecessary to consider legislative history. Botosan v. Paul McNally Realty, 216 F.3d 827, 831 (9th Cir.2000) (“Where the statutory language is clear and consistent with the statutory scheme at issue, the plain language of the statute is conclusive and the judicial inquiry is at an end.”). If we were to consider it, the legislative history would make no difference.

HIPAA’s legislative history indicates that Congress intended broadly to apply this misdemeanor criminal penalty. The House Ways and Means Committee report on this section states that “[pjrotecting the privacy of individuals is paramount” and that “[t]his section reflects the Committee’s concern that an individual’s privacy be protected.” H.R.Rep. No. 104-496(1), reprinted in 1996 U.S.C.C.A.N. 1865, 1900, 1903. Nothing in the Committee Report suggests that Congress intended to confíne this criminal penalty to those who knew that their actions were illegal.

Moreover, our conclusion is supported by Congress’s decision not to require willfulness as an element of the crime. Section 1320d-6(a)(2) uses only the term “knowingly,” but other criminal statutes require the crime be committed both “knowingly” and “willfully.” See, e.g., 18 U.S.C. § 1347 (criminal health care fraud statute that applies to defendants who act “knowingly and willfully”). In Bryan v. United States, 524 U.S. 184, 118 S.Ct. 1939, 141 L.Ed.2d 197 (1998), the Supreme Court distinguished “knowingly” and “willfully,” concluding that “the knowledge requisite to knowing violation of a statute is factual knowledge as distinguished from knowledge of the law.” Id. at 192, 118 S.Ct. 1939. (citation omitted); see also Dixon v. United States, 548 U.S. 1, 5, 126 S.Ct. 2437, 165 L.Ed.2d 299 (2006) (“[Unless the text of the statute dictates a different result, the term ‘knowingly’ merely requires proof of knowledge of the facts that constitute the offense, not a culpable state of mind or knowledge of the law.”) (internal quotation marks and citations omitted). Accordingly, had Congress intended to require a higher level of intent, it would have included “willfully” in Section 1320d-6(a)(2). See Choe v. INS, 11 F.3d 925, 944, n. 29 (9th Cir.1993) (“As has occasionally been said about congressional silence in similar contexts, the dog did not bark.”).

Similarly, Section 1320d-6’s title indicates a broad scope. See Christensen v. Comm’r of Internal Revenue, 523 F.3d 957, 960 (9th Cir.2008) (“[Ojur first indication of the statute’s scope is set forth in the title.”). The section is titled “Wrongful disclosure of individually identifiable health information.” 42 U.S.C. § 1320d-6. Had Congress intended to confine this penalty to people who knew that the disclosure was illegal, the title likely would have limited the scope to knowingly illegal conduct.

Zhou primarily relies on three cases in which the Supreme Court held that other criminal statutes apply only to “knowing” actions. 1 In those statutes, “knowingly” is immediately followed by a series of verbs. The statutes in those cases are ambiguous because “it is not at all clear how far down the sentence the word ‘knowingly’ is intended to travel.” Liparota, 471 U.S. at 424 n. 7, 105 S.Ct. 2084. Those cases are inapposite because the HIPAA provision at issue here clearly limits “knowingly” to the act of obtaining the information. The placement of “and” eliminates any possible ambiguity.

Zhou also cites HIPAA’s civil penalties provision in support of his argument. HI-PAA provides an exception to civil liability if “it is established that the person did not know (and by exercising reasonable diligence would have not known) that such person violated such provision.” 42 U.S.C. § 1320d-5(a)(l)(A). This argument is unavailing because civil sanctions are entirely separate from the criminal HIPAA provision at issue in this case. Indeed, the presence of this exception in another portion of HIPAA demonstrates that Congress explicitly chose to not include such an exception in Section 1320d-6(a)(2). See SEC v. McCarthy, 322 F.3d 650, 656 (9th Cir.2003) (recognizing the “well-established canon of statutory interpretation that the use of different words or terms within a statute demonstrates that Congress intended to convey a different meaning for those words”).

Finally, Zhou contends that the rule of lenity requires the court to impute a requirement that the defendant knowingly violated the law. The rule of lenity “requires ambiguous criminal laws to be interpreted in favor of the defendants subjected to them.” United States v. Santos, 553 U.S. 507, 514, 128 S.Ct. 2020, 170 L.Ed.2d 912 (2008). The rule of lenity does not apply here because the statute is unambiguous.

In sum, we hold that 42 U.S.C. § 1320d-6(a)(2) is not limited to defendants who knew that their actions were illegal. Rather, the defendant need only know that he obtained individually identifiable health information relating to an individual. Therefore, the information satisfies the requirements of both the Due Process Clause and Federal Rule of Criminal Procedure 7. 2

CONCLUSION

For the foregoing reasons, the district court’s denial of the motion to dismiss the information is affirmed.

AFFIRMED.

Notes

1

. In Liparota v. United States, 471 U.S. 419, 420-21, 105 S.Ct. 2084, 85 L.Ed.2d 434 (1985), the defendant was convicted under the federal food stamp statute, 7 U.S.C. § 2024(b)(1), which provides that "whoever knowingly uses, transfers, acquires, alters, or possesses coupons or authorization cards in any manner not authorized” by statute or regulation was subject to fine or imprisonment. The Supreme Court reversed the conviction because the indictment failed to allege that the defendant knew his action was in violation of the law. Id. at 433, 105 S.Ct. 2084. Flores-Figueroa v. United States, 556 U.S. 646, 647, 129 S.Ct. 1886, 173 L.Ed.2d 853 (2009), involved a criminal statute, 18 U.S.C. § 1028A, which applied to any individual who "knowingly transfers, possesses or uses, without lawful authority, a means of identification of another person.” The Supreme Court rejected the government’s argument that the defendant need not know that the identification belonged to another person. Id. at 657, 129 S.Ct. 1886. Finally, United States v. X-Citement Video, Inc., 513 U.S. 64, 115 S.Ct. 464, 130 L.Ed.2d 372 (1994), involved a child pornography statute that made it a crime to "knowingly receive!], or distribute! ], any visual depiction ... which contains materials which have been mailed or so shipped or transported, by any means including by computer, or knowingly reproduces any visual depiction for distribution ... if ... the producing of such visual depiction involves the use of a minor engaging in sexually explicit conduct; and ... such visual depiction is of such conduct.” Id. at 68, 115 S.Ct. 464. The Supreme Court held that statute requires knowledge that the person depicted was a minor. Id. at 70, 115 S.Ct. 464.

2

. The government argued that the information, which tracks the language of the statute in its use and placement of the words “knowingly and,” was sufficient even under Zhou's proposed statutory interpretation. We decline to address this argument. Faced with a similar challenge to the decision not to dismiss an indictment under a statute with disputed interpretations, we declined to rule on statutory construction grounds where we found the indictment independently sufficient. United Stales v. Davis, 336 F.3d 920, 923 n. 1, 924 (9th Cir.2003). However, Davis does not bind us to a specific sequence of reasoning. Indeed, we may affirm a district court's denial of a motion to dismiss an information on any basis supported by the record. United States v. Reyes-Bonilla, 671 F.3d 1036, 1042 (9th Cir.2012) (citing Davis, 336 F.3d at 922).

Case Details

Case Name: United States v. Huping Zhou

Court Name: Court of Appeals for the Ninth Circuit

Date Published: May 10, 2012

Citations: 678 F.3d 1110; 2012 U.S. App. LEXIS 9507; 2012 WL 1626109; 10-50231

Docket Number: 10-50231

Court Abbreviation: 9th Cir.