We read that the New Jersey AG is working with a former physician who has pled guilty to disclosing PHI to a pharmaceutical sales representative. In February, Frank will learn how much of a possible penalty of one year in prison and a $50,000 fine the court will impose.
So why was this unauthorized disclosure happening? Money, of course. We will never understand the idea of kickbacks for exploiting patients or purposely committing billing fraud. We also don't understand why these cases seem(?) to be limited to a couple of states. As a reminder, states can prosecute HIPAA-related cases, whether criminal or negligent (e.g. a breach).
We posted this as a reminder, and as assurance, that (so far) we are unaware of any HIPAA Security or Privacy Officer being held personally liable under HIPAA for trying to run a compliant program. Criminal activity, on the other hand, is another story.
The graphic below links to the New Jersey AG release if you want to read more.
Stay (HIPAA) safe,