As most of you know, health information of patients is protected by the law. Well, there have been instances when physicians have not respected the protection of such information. By disclosing them to third parties, they violated the law and were convicted of HIPAA violations.
No physician or healthcare provider has the power to disclose private health-related information about their patients. After all, in the words of the law, “[e]xcept pursuant to an in compliance with § 164.508(a)(4), a covered entity or business associated may not sell protected health information.” (45 CFR § 164.502(5)(ii)(A)).
Like every law, there are exceptions to this one as well. However, they are quite limited and always require the consent of the patient in question. Even if you get the patient’s consent, there are various other things that you need to tick before you can disclose confidential information.
We will be sharing just one case of a physician being in violation of this law. We won’t be naming the physician in this article. What matters is understanding the lessons to be learned from this story.
The Case in Springfield
A physician was convicted in Springfield, Massachusetts, by a federal jury. It was proven that they disclosed their patients’ private healthcare information to a sales representative of a pharma company. The company in question was Warner Chilcott. This transfer of information was done without getting the consent of the patients involved. Hence, it was a direct violation of HIPAA.
Both the physician and pharma company were convicted. The pharma company admitted to its involvement in 2015 and accepted that it lied to agents during the course of the investigation.
By the end of the trial, it was concluded that the physician violated HIPAA and gave information about their patients to Warner Chilcott. By gaining private and insightful information about the patients, Allergan (a subsidiary company of Warner Chilcott) was able to target customers accordingly with expensive osteoporosis medications. The medications that were mainly pushed by them were Actonel and Atelvia. The pharma company used the insight to micro-market and target customers more effectively, which is not just a violation but also ethically wrong.
Once the guilty parties were convicted, penalties were levied. The pharma company had to pay the government $125 million. The physician in question had their license revoked and had to pay a penalty as well.
What Does This Mean for Physicians?
While the other party did manage to get out of the situation by paying the penalty, it is important to understand that the implication of a HIPAA violation is much harsher for a physician.
Here are some things you need to learn from this case:
a) If you violate the HIPAA clause, you might end up being criminally prosecuted. While you will almost always bid your license goodbye, in other cases, you might also have to do some time in prison. It all depends on the severity of the breach.
b) Any fraudulent payments that are made to you by a company wishing to access your patients’ information should never be accepted. While you may see it as a way to earn some quick cash, if you get caught, the consequences are scary.
c) Your relationship with a given pharma company must be disclosed to your patients. Your patients should know if you have a deal to prescribe a given company’s medicine. Regardless, you can’t give your patient’s information to the company.
Make sure you abide by the rules. Don’t tread on dangerous grounds and respect your patients’ private healthcare information. Don’t put your career at stake for a few extra bucks.