Criminal HIPAA violations

U.S. District Court judges sentenced three former district managers of a pharmaceutical firm to a series of criminal HIPAA violations that have been linked to healthcare fraud.

Landon Eckles, Timothy Garcia, and Jeff Podolsky are former district managers of a pharmaceutical firm. According to a release by the District of Massachusetts U.S. Attorney’s Office (USAO), the three perpetrators committed criminal HIPAA violations by illegally accessing patients’ PHI in order to drive sales of Atelvia® and Actonel®, osteoporosis drugs manufactured by Warner Chilcott.

The drug was released in 2011 and required physician approval, or what’s known as a prior authorization, to be prescribed to patients. In an effort to drive sales, the three perpetrators orchestrated fraudulent prior authorizations by sales representatives.

According to the USAO release, “Recognizing that many physicians were hesitant to submit prior authorizations for Atelvia®, Garcia aggressively pushed his sales representatives to prepare prior authorizations themselves.” The release continued, saying “Furthermore, Garcia stressed the importance of concealing the misconduct of his sales representatives.”

The pharmacy HIPAA violations cost Medicare and various insurance companies at least $200,000 in fraudulent charges related to the prescription prices.

Each of the perpetrators was fined, ranging from $10,000-$40,000, with additional sentencing involving house arrest and probation time of up to a year.

This marks the second case of 2016 where a criminal HIPAA violation has occurred leading to criminal charges. In June of this year, a respiratory therapist based out of Ohio was convicted of wrongfully accessing patients’ PHI. She breached what’s known as the Minimum Necessary Disclosure standard as outlined in the HIPAA Security Rule.

Under this standard, healthcare professionals are required to limit their access, use, and disclosure of PHI to the minimum necessary amount required for payment, treatment, and operations.

Eckles, Garcia, and Podolsky violated this standard as well by illegally accessing patients’ PHI. They even went so far as to insert brochures advertising Atelvia® and Actonel® into patients’ medical records to coerce doctors into prescribing the drugs–a clear breach of patients’ rights to privacy under the HIPAA regulation.

OCR investigators have been actively pursuing pharmacy HIPAA violations for years now. This most recent case illustrates how serious federal litigation has become. With two criminal HIPAA violation investigations in one year, there has been a stark movement away from the less intense enforcement that healthcare professionals have seen up until now.

HIPAA privacy and security is more important now than ever before, and pharmaceutical companies must take action to defend their businesses from data breaches and HIPAA fines.

Third Party Verification and Validation

Need Help with HIPAA?

Let our complete HIPAA solution handle it.