The violation occurred when the pediatric cardiologist allowed pharmaceutical sales representatives access to the medical information of patients who had not been diagnosed with a condition treated by one of the pharmaceutical company's drugs.

In the past three years, health care providers and facilities have paid more than $20 million in HIPAA fines. While monetary fines are far more common than criminal prosecutions, this case is a reminder that criminal sanctions are also available for HIPAA violations. The criminal sanction against the Georgia pediatric cardiologist should serve as a wake-up call to reevaluate the potential HIPAA risks in your office, practice or health facility.

The best way to identify HIPAA vulnerabilities is to conduct a baseline risk assessment, which the HIPAA Security Rule requires of any health care provider, facility or vendor that has access to patients' Protected Health Information. A risk assessment identifies weaknesses in security practices and policies so they can be corrected. If a breach subsequently occurs, a documented, thorough risk assessment also helps mitigate penalties when the organization is called upon to defend against an alleged HIPAA violation.
Has your office, practice or facility conducted a baseline HIPAA risk assessment? If not, contact Donna J. Craig, RN, JD at The Health Law Center to discuss her experience conducting HIPAA risk assessments and designing an assessment tailored to your office, practice or facility's needs.