- Three former district managers of a pharmaceutical firm have been sentenced for their connection in committing HIPAA violations and healthcare fraud, according to a release from the District of Massachusetts U.S. Attorney’s Office (USAO).
Landon Eckles, Timothy Garcia, and Jeff Podolsky were all sentenced by U.S. District Court judges. The three were sentenced for HIPAA violations and healthcare fraud committed in order to increase sales of Warner Chilcott osteoporosis drugs. In some instances, Eckles and sales representatives accessed patient PHI.
“In 2011, Atelvia®, an osteoporosis drug, was launched, but it was not covered by many insurance companies primarily because a generic alternative was available, the statement explained. “Therefore, insurance companies required physician approval, known as a prior authorization, before covering Atelvia®. In order to drive sales, Eckles directed certain sales representatives to fill out Atelvia® prior authorizations even if physicians refused to do so.”
Furthermore, Eckles encouraged sales representatives to ensure that patient medical charts were “flagged” with Atelvia® brochures so physicians would be reminded to specifically recommend Atelvia®.
Garcia pleaded guilty to conspiracy to commit health care fraud, which happened when he “aggressively pushed his sales representatives to prepare prior authorizations themselves.”
“Recognizing that many physicians were hesitant to submit prior authorizations for Atelvia®, Garcia aggressively pushed his sales representatives to prepare prior authorizations themselves,” USAO wrote. “Furthermore, Garcia stressed the importance of concealing the misconduct of his sales representatives.”
Podolsky also pleaded guilty to conspiracy to commit health care fraud. He served as a district manager when both Atelvia® and its predecessor drug, Actonel®, had poor insurance coverage.
“Podolsky directed the sales representatives in his district to fill out prior authorizations for physicians who prescribed Actonel® and Atelvia®, by using false clinical justifications as to why the patient needed the drugs, and then submit them to health insurance companies,” explained USAO.
Due to the manipulated prior authorizations, insurance companies and Medicare paid at least $200,000 for prescriptions for the two drugs.
Eckles was sentenced to one year of probation and a $10,000 fine, while Garcia was sentenced to eight months of home confinement and ordered to forfeit $21,500. Podolsky was sentenced to eight months of home confinement, ordered to forfeit $28,237, and ordered to pay a $10,000 fine.
Inappropriate PHI access is a HIPAA violation that can create problems for large organizations, as well as individuals.
In February 2016, the Office for Civil Rights (OCR) explained in a HIPAA settlement that all covered entities must have proper policies and procedures when it comes to gathering individuals’ permission to post their information.
Complete P.T. Pool & Land Physical Therapy, Inc. agreed to a settlement of $25,000 after a complaint that it had inappropriately disclosed PHI when it “posted patient testimonials, including full names and full face photographic images, to its website without obtaining valid, HIPAA-compliant authorizations.”
The Department of Health and Human Services (HHS) also states that organizations to be specific with its disclosure authorization policies and procedures. For example, an authorization needs to be written in specific terms and all authorizations must be in “plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other data.”
- OCR HIPAA Settlements Highlight PHI Disclosure, Compliance
- HIPAA Data Breaches: What Covered Entities Must Know