In the span of a week, the U.S. Department of Justice closed two cases involving criminal HIPAA violations. One of these cases involved the violation of the Anti-Kickback Statute, while the other was in relation to the wrongful access of patient information. More details on the HIPAA criminal cases are discussed below.
Doctor Violates the Anti-Kickback Statute, Endangering Patients and Accepting Bribes
On June 16, 2021, the U.S. Attorney’s Office of the Southern District of New York released a press release regarding the settling of a HIPAA criminal case. Dr. Jeffrey Goldstein, a former doctor practicing in New York was sentenced to 57 months in prison for conspiring to violate the Anti-Kickback Statute.
The scheme involved Goldstein prescribing a fentanyl-based spray, Subsys, in exchange for kickbacks and bribes from the drug’s manufacturer Insys Therapeutics.
The U.S. Attorney Audrey Strauss said, “Jeffrey Goldstein, an Upper East Side Manhattan doctor, prescribed Subsys, a powerful fentanyl opioid, in return for nearly $200,000 in bribes from the drug’s manufacturer, Insys Therapeutics. Goldstein put his own patients at risk in order to satisfy his own greed, and will now spend time in federal prison for recklessly prescribing this highly addictive and powerful opioid. This sentence sends a loud and clear signal to the medical community that if you take bribes in return for prescribing, you will be prosecuted to the full extent of the law and risk significant prison time.”
According to the press release, Goldstein was only one of five Manhattan doctors convicted in the Subsys kickback scheme.
To read the full press release, please click here.
Hospital Worker Wrongfully Accesses Ex-boyfriend’s Files
On June 21, 2021, the U.S. Attorney’s Office of the Northern District of Iowa released a press release regarding the settling of a HIPAA criminal case. Jennifer Lynne Bacor, a former Cedar Rapids hospital employee, pled guilty to one count of wrongfully obtaining individually identifiable health information under false pretenses.
Bacor was a patient care technician at Cedar Rapids hospital when she accessed the protected health information of her ex-boyfriend who was being treated at the hospital. Although she was permitted access to patient files, her ex-boyfriend was not her patient, and therefore she should not have been accessing his information. In addition to accessing his files, she also took a picture of a medical photograph and shared it with a third person, who then shared the picture on Facebook messenger, along with “taunting language and emojis.”
As a result of her plea, Bacor will serve five years probation and pay a $1,000 fine. While serving probation, she will be restricted from employment in which she would have access to private medical information of others.
To read the full press release, please click here.
