Healthcare Compliance Perspective:
Although the initial act of allowing unauthorized individuals access to Protect Health Information seems innocuous, albeit unlawful, it may have ramifications that extend far beyond the Privacy Officer’s perspective. If those ramifications are significant, then the initial disclosure may be included in fines and penalties based upon the ultimate behaviors committed by others.
A federal jury recently convicted a Massachusetts gynecologist in connection with allowing a pharmaceutical sales representative to access his patient records and for lying to federal investigators.
The doctor was convicted by a federal jury of one count of violation of the Health Information Portability and Accountability Act (HIPAA) and one count of obstruction of a criminal health care investigation. The U.S. District Court Judge has not yet scheduled sentencing.
From January 2011 through November 2011, the physician allowed a pharmaceutical company sales representative to access protected health information (PHI) in her patients’ medical files. She later provided false information to federal agents when interviewed about her relationship with the pharmacy.
The charge for the HIPAA violation provides for a sentence of no greater than one year in prison and/or a fine of $50,000 and one year of supervised release. The charge for obstructing a criminal health care investigation provides for a sentence of no greater than five years in prison, three years of supervised release and a fine of $250,000. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and other statutory factors.
