HIPAA and Warner Chilcott

Back in late 2015, we blogged about the interesting twist in the $125 million Warner Chilcott settlement that a Massachusetts physician had been criminally charged with violating the Health Insurance Portability and Accountability Act (HIPAA).   See HERE for that previous post.

That physician has now been convicted of the HIPAA violation, as well as an unrelated charge of obstructing a federal health care investigation.  The US Attorney’s Office in Boston made the announcement late last month.

The Warner Chilcott settlement involved illegal drug promotion.  Specifically, sales reps were accused of flagging patient medical records with product brochures and filling out the provider’s prior authorization forms in advance for specific patients.  All of this required impermissible access to patient records.  The physician’s criminal liability stems from providing these sales reps with access to her patients’ records.  In some cases, the reps were even allowed to take the records home with them!

We are often reminded through settlements with the HHS Office for Civil Rights that HIPAA violations are taken seriously and can include hefty fines and corrective action plans (see HERE, HERE and HERE for just a few examples).  This case serves as fair warning that intentional misuse of protected patient information can lead to jail time.  When this physician is sentenced, she could be looking at up to a year in prison, a $50,000 fine, and a year of supervised release.  If you picture a sales rep combing through your personal health issues in his or her living room to determine whether you might be a sales target, it shouldn’t be so surprising that this conduct can rise to the level of criminal liability.

As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015.    Incredibly large data breaches became disturbingly routine, calling into question the ability of insurers and providers to protect their increasingly large troves of sensitive health information.  We also saw the release of an Office of Inspector General (OIG) report that was highly critical of the Federal government’s ability to effectively enforce HIPAA, followed almost immediately by signs of more aggressive enforcement from the Office for Civil Rights (OCR), perhaps in response.  We waited for commencement of the second round of HITECH-mandated audits, but it never came.  As regulated entities prepare for a new year of regulatory challenges, we review the highlights — and lowlights — of HIPAA 2015, and prepare for what’s to come in 2016. Continue Reading HIPAA and Health Care Data Privacy – 2015 Year in Review

Last week, the US Attorney’s Office in Boston announced that drug company Warner Chilcott agreed to plead guilty to health care fraud and pay $125 million to resolve criminal and civil liability arising out of allegations involving the promotion of the company’s drugs.  Continuing its focus on individuals, the former President of the Company has been charged with conspiring to pay kickbacks to physicians. The government interest in prosecuting illegal drug promotion activities and illegal payments to physicians has been a longstanding priority.  However, in a new twist that should be of great interest to the health care community, the government has brought criminal charges under the Health Insurance Portability and Accountability Act (HIPAA) against company employees as well as the physician practice owner for the alleged unlawful access and disclosure of  patient medical records. These HIPAA violations could result in prison sentences, significant fines and exclusion from the Medicare program. Continue Reading HIPAA Lessons from the Warner Chilcott Settlement