- Industry News
- Law & Malpractice
- Coding & Documentation
- Practice Management
- Finance
- Technology
- Patient Engagement & Communications
- Billing & Collections
- Staffing & Salary
Sentencing for Criminal HIPAA Violations
Nearly a year after being convicted, three pharmaceutical company employees are sentenced for healthcare fraud and HIPAA violations.
On Oct. 28, three Warner Chilcott, a pharmaceutical company based in Rockaway, N.J., employees were sentenced for violations of healthcare fraud and violating HIPAA in order to increase sales of an osteoporosis drug. Criminal violations of HIPAA are rare, however, the cases of the three district sales managers are significant for two reasons. First, it shows the DOJ's willingness to prosecute HIPAA violations, especially when it involves utilizing protected health information (PHI) in relation to sales. Second, Warner Chilcott was not a covered entity. Therefore, it underscores the importance of HIPAA compliance.
Three district managers, who lived in North Carolina, California and New York, were sentenced to various months of home confinement, ordered to forfeit various amounts of money, and pay varying fines. These district managers and their sales representatives accessed patients' PHI in order to submit prior authorizations for Atelvia, an osteoporosis drug.
As a refresher, generally, the sale of PHI is "where the covered entity or business associate directly or indirectly receives remuneration from or on behalf of the recipient of the protected health information in exchange for the protected health information." If a patient's PHI is being sold, physicians and other covered entities need to include this express provision in their HIPAA Authorization Forms and Notice of Privacy Practices. "Notwithstanding any provision of this subpart, other than the transition provisions in § 164.532, a covered entity must obtain an authorization for any disclosure of protected health information which is a sale of protected health information, as defined in § 164.501 of this subpart.(ii) Such authorization must state that the disclosure will result in remuneration to the covered entity."
Hence, the takeaways for physicians are: (1) you need to expressly obtain authorization from patients before selling their PHI; (2) this area of your HIPAA Authorization Form should be bold and require initials, so that authorization is less likely to be contested as misleading or hidden; and (3) make sure that a business associate agreement is also in place. Taking precautions up front can prevent severe penalties in the long run.
Certifying Your Communications Technology is Secure
July 5th 2021Physicians Practice® spoke with Michael Parisi, Vice President of assurance strategy and Community Development at high trust Alliance, about how physicians and practice owners can discern whether or not communications technology they are interested in integrating into their practice is certified secure.
Addressing patient suicide risks in your practice
March 1st 2021Physicians Practice® spoke with Dr. Anisha Abraham, author of the book "Raising Global Teens: A Practical Handbook for Parenting in the 21st Century", about signs that a patient may be at risk of suicide and self-harm as well as interventions and communication methods physicians can employ in the clinical setting.
