May 25, 2019

May 24, 2019

Subscribe to Latest Legal News and Analysis

May 23, 2019

Subscribe to Latest Legal News and Analysis

May 22, 2019

Subscribe to Latest Legal News and Analysis

HIPAA Lessons from the Warner Chilcott Settlement

Last week, the US Attorney’s Office in Boston announced that drug company Warner Chilcott agreed to plead guilty to health care fraud and pay $125 million to resolve criminal and civil liability arising out of allegations involving the promotion of the company’s drugs.  Continuing its focus on individuals, the former President of the Company has been charged with conspiring to pay kickbacks to physicians. The government interest in prosecuting illegal drug promotion activities and illegal payments to physicians has been a longstanding priority.  However, in a new twist that should be of great interest to the health care community, the government has brought criminal charges under the Health Insurance Portability and Accountability Act (HIPAA) against company employees as well as the physician practice owner for the alleged unlawful access and disclosure of patient medical records. These HIPAA violations could result in prison sentences, significant fines and exclusion from the Medicare program.

According to the Information filed last week, district managers allegedly encouraged their sales representatives to flag patient medical records with brochures about the company’s drug.  The sales reps also were accused of filling out the required prior authorization forms for the physician office and, in some instances, taking patient records home in order to complete those prior authorizations.  In order to conduct such activities, the sales representatives would have had to access the patients’ medical records.

It is not uncommon for hospitals and medical practices to allow DME suppliers, home care and other providers to access their patients’ medical records in connection with facilitating follow up care for patients.  Understanding the difference between lawful access for treatment purposes, which is permitted under HIPAA, and an unlawful access or disclosure that will subject a provider to penalties under HIPAA is critical.  Now is the time for providers and vendors alike to reexamine their HIPAA policies and retrain their staff to ensure that all employees understand how HIPAA  may impact sales, marketing and care related activities.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Ellen L. Janos, Health care attorney, mintz levin law firm

Ellen specializes in providing regulatory and strategic advice to health care clients of all types, including hospitals, long-term care facilities, hospices, retail pharmacies, PBMs, and pharmaceutical manufacturers.

She also represents companies doing business with, and investing in, health care providers. She represents clients in Medicare, Medicaid, and third-party payor audits and investigations; in the development of corporate compliance programs, HIPAA, privacy and security compliance initiatives; and in the negotiation and implementation of Corporate Integrity Agreements. She...