August 8, 2020

Volume X, Number 221

August 07, 2020

Subscribe to Latest Legal News and Analysis

August 06, 2020

Subscribe to Latest Legal News and Analysis

August 05, 2020

Subscribe to Latest Legal News and Analysis

Physician Convicted of HIPAA Violation Receives Probation

According to reports, a Georgia-based physician who previously pleaded guilty to criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) received six months of probation from a Massachusetts federal judge earlier this week.

The physician – a pediatric cardiologist – pleaded guilty in February 2018 to a misdemeanor count of wrongful disclosure of individually identifiable health information in violation of HIPAA, and had faced up to one year of imprisonment. The physician was prosecuted by the Department of Justice (DOJ) in Massachusetts in connection with DOJ’s investigation into Massachusetts-based pharmaceutical company Aegerion for mis-branding its prescription drug Juxtapid. As part of its resolution of the Aegerion investigation, Aegerion agreed to enter into a deferred prosecution agreement for criminal violations of HIPAA. According to the DOJ, the physician, in this case, allowed Aegerion sales representatives to access the confidential medical information of patients who were not diagnosed with a condition treated by Juxtapid to identify potential candidates for the drug, in violation of HIPAA’s prohibition on wrongful disclosures of health information.

The resolution of this criminal HIPAA prosecution with a non-custodial sentence is similar to the outcome of another recent criminal HIPAA case brought by DOJ in Massachusetts (see a report on the sentence in that case here, and our previous analysis here). Nonetheless, these cases underscore the significant potential criminal liability for violations of HIPAA, and the importance for health care providers of maintaining appropriate boundaries with pharmaceutical companies and their employees.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume IX, Number 16


About this Author

Conor Duffy Cybersecurity Attorney

Conor Duffy is a member of the firm's Health Law Group and its Data Privacy + Cybersecurity Team. He advises hospitals, physician groups, community providers, and other health care entities on general corporate matters and health law issues. He also counsels clients on what measures are needed to safeguard data and patient information.


Conor provides legal counsel to health care clients on various regulatory matters, such as Medicare and Medicaid program compliance, federal fraud and abuse laws, and the Emergency Medical Treatment & Labor Act...