On April 30, 2018 a Massachusetts physician was convicted of a criminal violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as one count of obstruction of a criminal health care investigation, in a Massachusetts federal court. The convictions relate to the purported sharing of confidential patient information by the physician with pharmaceutical sales representatives that allowed the pharmaceutical company to target patients with specific conditions (and to correspondingly facilitate the receipt of prior authorizations for the company’s drugs from patients’ insurers).

This case derives from Department of Justice’s (DOJ) investigation of Warner Chilcott, a pharmaceutical company that in 2015 pleaded guilty to felony health care fraud arising from its allegedly illegal marketing practices as part of a $125 million settlement with the DOJ (see our previous coverage of that settlement here). At that time, the DOJ charged this physician with accepting kickbacks from Warner Chilcott in the form of speaker fees as inducements to prescribe its medications. According to the government, the physician accepted approximately $23,500 from Warner Chilcott for speaker training and speaking at medical education events that took place in her office and were only attended by a Warner Chilcott sales representative. Although the DOJ subsequently dropped allegations of violations of the federal Anti-Kickback Statute against the physician, the DOJ nonetheless proceeded with its case, and has now secured a conviction on two counts against the provider.

The prosecution and conviction of this physician serve as a stark reminder to all health care providers that HIPAA is more than just a privacy and security framework: it also establishes criminal liability for wrongful disclosures of individually identifiable health information. The case also emphasizes that the DOJ continues to scrutinize pharmaceutical marketing practices and physician-manufacturer interactions that can affect health care decision-making.

This post is also being shared on our Data Privacy +Security Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.