On April 30, 2018 a Massachusetts physician was convicted by a federal jury for violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and obstructing a criminal health care investigation after impermissibly disclosing protected health information and lying to federal agents during a criminal health care investigation.

The physician’s convictions stemmed from a Department of Justice (DOJ) investigation of (and eventual $125 million settlement with) a pharmaceutical company that was suspected of felony health care fraud based on its illegal marketing practices and payment of kickbacks to physicians. During this investigation, the DOJ interviewed the physician about her relationship with the pharmaceutical company. The DOJ later alleged that the physician obstructed its investigation by providing false information to federal agents regarding her relationship with the pharmaceutical company, including a $23,500 payment the physician received for speaker training and medical education events held at the physician’s office (and attended solely by sales representatives of the pharmaceutical company).

The DOJ originally charged the physician with accepting kickbacks from the pharmaceutical company but dropped those allegations in favor of proceeding with HIPAA and obstruction of a criminal health care investigation charges. These charges were based on the physician providing the pharmaceutical company access to her patient files to target patients with specific health conditions and providing false information to federal agents.

Under HIPAA, the penalties the physician could face include one year in prison and/or a fine of $50,000 and one year of supervised release. The physician also faces penalties for the conviction of obstructing a criminal health care investigation, which include up to five years in prison, three years of supervised release, and a fine of $250,000. The federal district court judge will determine the physician’s ultimate sentence at an upcoming hearing.

Health care professionals should use this case as a reminder that HIPAA violations can lead to criminal convictions, though typically only in egregious cases like this one where protected health information is impermissibly disclosed for financial gain. This case also serves as a friendly reminder to providers that lying to federal agents is never a good idea.

For questions about this update or health IT privacy and security generally, please contact Meghan O’Connor at (414) 277-5423 / meghan.oconnor@quarles.com, Rachel Weiss at (414) 277-5829 / rachel.weiss@quarles.com, Sarah Erdmann at (414) 277-5512 / sarah.erdmann@quarles.com, or your Quarles & Brady Health Information Technology, Privacy and Security attorney.