News and Insights

Visit regularly for up-to-date information on relevant news, firm announcements and additions to our AZ Health Law Blog.

Miranda A. Preston
iranda A. Preston

On April 30th, 2018, Dr. Rita Luthra was convicted of violating the HIPAA Privacy Rule and of obstruction of a criminal health care investigation.  A federal jury found that Dr. Luthra allowed a pharmaceutical sales representative to access her patient records and lied to federal investigators. Criminal charges under the federal Anti-Kickback Statute (“AKS”) were alleged initially but subsequently dropped.

Dr. Luthra’s conviction stems from her involvement with a pharmaceutical sales representative with Warner Chilcott. Warner Chilcott was the subject of a criminal investigation by the U.S. Department of Justice (DOJ) in 2015.  The investigation resulted in Warner Chilcott pleading guilty to a felony charge of health care fraud and agreeing to pay $125 million to resolve criminal and civil liability arising from alleged illegal marketing practices of certain drugs.

According to the government, the Warner Chilcott sales representative asked Dr. Luthra to participate in the company’s speaker program because Dr. Luthra prescribed a high volume of osteoporosis medication. Dr. Luthra agreed and spoke at medical education and speaker training events held in her office. The events involved Dr. Luthra speaking to the sales representative for about thirty minutes while she ate food provided by the representative for Luthra and her office staff. Warner Chilcott paid Dr. Luthra approximately $23,500 for her services.

In January 2011, Warner Chilcott launched a new osteoporosis drug which Dr. Luthra prescribed. Many insurance companies required a prior authorization before covering the new drug. In response to receiving numerous denials for Dr. Luthra’s prescriptions for the new drug, she asked the sales representative to assist one of her medical assistants with obtaining prior authorizations. The sales representative agreed, was given access to Dr. Luthra’s medical records to complete the prior authorizations, and filled out the prior authorizations.

Dr. Luthra later provided false information to OIG investigators when interviewed about her relationship with Warner Chilcott. She was convicted of a criminal violation of HIPAA for the improper disclosure of her patients’ protected health information to the sales representative. It is illegal to knowingly disclose protected health information in violation of the Privacy Rule. Most HIPAA enforcement activities are in the form of civil enforcement. However, the Privacy Rule also establishes criminal penalties for certain wrongful disclosures of protected health information.

Dr. Luthra’s sentencing has not yet been scheduled. Nonetheless, Dr. Luthra’s HIPAA violation provides for a sentence of up to one year in prison and/or a fine of up to $50,000. The obstruction conviction carries a higher potential penalty of up to five years in prison and a fine of up to $250,000.

While criminal prosecutions of HIPAA violations are rare, this case serves as a reminder that HIPAA is more than a series of privacy and security rules; HIPAA establishes criminal liability and potential jail time for HIPAA violations. This case reflects the DOJ’s continuing scrutiny of physician-pharmaceutical manufacturer relationships, particularly those that can affect health care decision making. Providers should be mindful of their relationships with pharmaceutical companies, and third parties who may have access to protected health information. Moreover, if a provider is the subject of an investigation, he or she should be truthful and engage competent counsel at the early stages of the investigation.

For more information, or if you need assistance with an investigation or evaluating whether your relationships comply with HIPAA, please contact Miranda Preston or another health care attorney at Milligan Lawless.

By Steve Lawrence, Shareholder, Milligan Lawless, P.C. (2013).

The following is an abstract of Mr. Lawrence’s article, Regulatory Issues that Affect Funding of Physician-Backed Medical Enterprises: A Primer:

This paper provides a summary of key federal regulatory issues that affect funding of physician-based medical enterprises. Margins in medical practices continue to face pressure from all sides. As physician compensation from core medical practices declines, physicians seek new avenues to profit. Many physicians start or sponsor spin-off businesses related to their practice or their medical background. As angel investors, venture capitalists and private equity firms consider investing in such medical businesses, the regulatory constraints on such enterprises becomes an important concern. Beginning with a hypothetical scenario suggested by recent regulatory enforcement cases, this paper examines key federal laws that govern physician-backed medical enterprises that could affect funding of such enterprises – the Stark law, the anti-kickback law and the False Claims Act.

By Ken Briggs, originally published by American Health Lawyers Association, Fraud and Abuse Practice Group (April 18, 2013)

On April 17, the U.S. Department of Health & Human Services, Office of Inspector General (OIG) issued an update of the Provider Self-Disclosure Protocol (SDP). This update is in response to OIG’s solicitation of comments issued in June 2012. It is intended to supersede and replace the SDP OIG originally issued in 1998, as well as the Open Letters OIG issued to provide additional guidance on the SDP to the healthcare community.

All individuals or entities subject to OIG’s civil monetary penalty (CMP) authority are eligible to use the SDP to resolve liability arising from the potential violation of federal criminal, civil, or administrative laws for which CMPs are authorized. Conduct for which CMPs are not authorized, e.g., simple overpayments or errors, are not eligible for resolution through the SDP. Importantly, matters involving only potential liability under the Physician Self-Referral (Stark) Law still are not eligible for resolution under the SDP, and should be disclosed to the Centers for Medicare & Medicaid Services under its Self-Referral Disclosure Protocol.

The update clarified the necessary elements of a disclosure:

  • The identifying information of the disclosing party, including a description of the organization of the disclosing party;
  • A concise statement of all details relevant to the conduct disclosed;
  • A statement of the federal laws that are potentially violated by the disclosed conduct;
  • The federal healthcare programs affected by the disclosed conduct;
  • An estimate of the damages or a certification that the estimate will be completed and submitted to OIG within 90 days of the date of submission;
  • A description of the disclosing party’s corrective action upon discovery of the conduct;
  • A statement of whether the disclosing party has knowledge that the matter is under current inquiry by a government agency or contractor;
  • The name of an individual authorized to enter into a settlement agreement on behalf of the disclosing party; and
  • A certification statement.

For disclosures involving false billing, OIG stated that the disclosing party must conduct a review to estimate the improper amount paid by the federal healthcare programs. The damages estimate may be derived from the actual claims submitted or from a sample. Where the disclosing party uses a sample, the sample size must include at least 100 items. The damages report must describe the:

  • Review objective;
  • Population sources of data;
  • Qualifications of personnel that conducted the review; and
  • Characteristics measured.

Additional elements are required where the damage estimate was derived from a sample.

For disclosures involving excluded persons, OIG clarified that the disclosing party should describe:

  • The identity, job of the excluded individual, and dates of employment;
  • The disclosing party’s screening and background check procedures;
  • How the conduct was discovered; and
  • Any corrective action taken.

Before making the disclosure, the disclosing party must screen all current employees and contractors against OIG’s List of Excluded Individuals and Entities. The SDP provides guidance on how to estimate damages related to excluded individuals.

For disclosures relating to potential liability under both the Anti-Kickback Statute and the Stark Law, OIG reiterated the requirement that the disclosing party clearly acknowledges that the disclosed arrangements constitute potential violations of the laws, as applicable. OIG requests that the disclosing party describe the total amount of remuneration involved without regard to whether a lawful purpose existed for the arrangement. However, the disclosing party may explain why it believes OIG should not consider a portion of the remuneration in determining the settlement amount.

OIG clarified its general practice for calculating settlement amounts, stating it typically requires a minimum multiplier of 1.5 times the single damages, but will determine whether a higher multiplier is appropriate depending on the facts. OIG reiterated that a minimum $50,000 settlement is required for kickback-related disclosures. For other matters accepted into the SDP, OIG requires a minimum $10,000 settlement. In the “unusual instance” where OIG does not find potential liability, it will refer the matter to the appropriate payor for resolution. If a disclosing party is unable to pay the anticipated settlement amount, it should promptly notify OIG so that OIG can review the disclosing party’s financial information to determine an appropriate resolution.

The Centers for Medicare & Medicaid Services announced its sixteenth settlement from a disclosure reported through the Self-Referral Disclosure Protocol for violations of the Stark Law. The disclosure was initiated by an acute care hospital in California that was unable to satisfy the personal service arrangement exception for an on-call physician arrangement. The disclosed violations were settled for $1,600. The government only publishes information related to certain disclosures.

The personal services arrangement exception is the most applicable exception to on-call arrangements with physicians. This exception requires an executed written agreement that describes the services to be performed by the parties. Among other elements, the compensation paid over the term must be fair market value and must not be determined in a manner that takes into account the volume or value of certain referrals.

Compliance with the Stark Law is particularly complex with on-call arrangements because of the difficult of determining fair market value of the compensation. In fact, the government only recently publicly approved providing compensation to physicians for on-call services. The government has been increasingly scrutinizing on-call arrangements due to the difficulty of valuing the services provided and the perceived opportunity to compensate referring physicians for referrals contemplated outside of the on-call arrangement.