Visit regularly for up-to-date information on relevant news, firm announcements and additions to our AZ Health Law Blog.
On April 30th, 2018, Dr. Rita Luthra was convicted of violating the HIPAA Privacy Rule and of obstruction of a criminal health care investigation. A federal jury found that Dr. Luthra allowed a pharmaceutical sales representative to access her patient records and lied to federal investigators. Criminal charges under the federal Anti-Kickback Statute (“AKS”) were alleged initially but subsequently dropped.
Dr. Luthra’s conviction stems from her involvement with a pharmaceutical sales representative with Warner Chilcott. Warner Chilcott was the subject of a criminal investigation by the U.S. Department of Justice (DOJ) in 2015. The investigation resulted in Warner Chilcott pleading guilty to a felony charge of health care fraud and agreeing to pay $125 million to resolve criminal and civil liability arising from alleged illegal marketing practices of certain drugs.
According to the government, the Warner Chilcott sales representative asked Dr. Luthra to participate in the company’s speaker program because Dr. Luthra prescribed a high volume of osteoporosis medication. Dr. Luthra agreed and spoke at medical education and speaker training events held in her office. The events involved Dr. Luthra speaking to the sales representative for about thirty minutes while she ate food provided by the representative for Luthra and her office staff. Warner Chilcott paid Dr. Luthra approximately $23,500 for her services.
In January 2011, Warner Chilcott launched a new osteoporosis drug which Dr. Luthra prescribed. Many insurance companies required a prior authorization before covering the new drug. In response to receiving numerous denials for Dr. Luthra’s prescriptions for the new drug, she asked the sales representative to assist one of her medical assistants with obtaining prior authorizations. The sales representative agreed, was given access to Dr. Luthra’s medical records to complete the prior authorizations, and filled out the prior authorizations.
Dr. Luthra later provided false information to OIG investigators when interviewed about her relationship with Warner Chilcott. She was convicted of a criminal violation of HIPAA for the improper disclosure of her patients’ protected health information to the sales representative. It is illegal to knowingly disclose protected health information in violation of the Privacy Rule. Most HIPAA enforcement activities are in the form of civil enforcement. However, the Privacy Rule also establishes criminal penalties for certain wrongful disclosures of protected health information.
Dr. Luthra’s sentencing has not yet been scheduled. Nonetheless, Dr. Luthra’s HIPAA violation provides for a sentence of up to one year in prison and/or a fine of up to $50,000. The obstruction conviction carries a higher potential penalty of up to five years in prison and a fine of up to $250,000.
While criminal prosecutions of HIPAA violations are rare, this case serves as a reminder that HIPAA is more than a series of privacy and security rules; HIPAA establishes criminal liability and potential jail time for HIPAA violations. This case reflects the DOJ’s continuing scrutiny of physician-pharmaceutical manufacturer relationships, particularly those that can affect health care decision making. Providers should be mindful of their relationships with pharmaceutical companies, and third parties who may have access to protected health information. Moreover, if a provider is the subject of an investigation, he or she should be truthful and engage competent counsel at the early stages of the investigation.
For more information, or if you need assistance with an investigation or evaluating whether your relationships comply with HIPAA, please contact Miranda Preston or another health care attorney at Milligan Lawless.
The law mandates that, beginning October 1, 2017, physicians must consult a prescription monitoring program (PMP) prior to prescribing an opioid analgesics or benzodiazepine in schedules II-IV.
Under the new regulations, Arizona health care institutions must establish and implement more comprehensive plans and procedures for prescribing or ordering an opioid or administering an opioid.
Physicians who prescribe opioids, and health care institutions licensed by Arizona’s Department of Health Services, should be aware of this new law, and new rule. If you have any questions regarding these new laws, or would like assistance with updating your policies and procedures to conform to these requirements, please feel free to contact Milligan Lawless.
 SB 1283 (2016), signed by Arizona Governor Doug Ducey in 2016 amended A. R. S. § 36-2606.
 9 AZ Adc. Ch.10, Ariz. Admin. Code R9-10-120.
We are pleased to announce today that Chambers USA ranked Milligan Lawless, P.C. and 3 of our attorneys among the best in Arizona for 2016. Among Arizona law firms, Milligan Lawless achieved a Band 1 ranking, Chambers USA’s highest recognition, in the Healthcare practice area.
The firm received the following “Leading Individual” rankings for Phoenix attorneys:
Chambers USA is an annual ranking that assesses each law firm and attorney on technical legal ability, professional conduct, client service, commercial awareness/astuteness, diligence, commitment and other qualities most valued by their clients. Additionally, independent interviews with clients and confidential submissions of law firms are part of the Chambers research and evaluation process.
On November 14, 2014, the Indiana Court of Appeals upheld a $1.4 million jury verdict holding Walgreen Co., the owner of Walgreens pharmacies (“Walgreens”), liable after one of the company’s pharmacists shared a customer’s confidential medical records in violation of the Health Insurance Portability and Accountability Act (HIPAA). According to court records, the pharmacist searched the customer’s confidential prescription history for any records indicating that the customer had been treated for a sexually transmitted disease. The pharmacist then printed out the prescription history and provided it to the customer’s ex-boyfriend.
by Emily D. Armstrong
Are you or providers sending patient information via text? Are you or providers communicating about patients via text? If the answer to either of these questions is “yes,” beware this could result in fines and legal violations.
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is a Federal law that addresses, in part, the security and privacy of health data. The law requires the Department of Health and Human Services (“HHS”) to establish rules for the handling of protected health information (“PHI”).
 42 U.S.C. § 1320d et seq.
Click here to read the full article.
Emily’s biography is located here.