Lessons Learned From A Recent HIPAA Criminal Penalty

by Adam Bullian | Jun 12, 2018 | Case Studies

Department-of-Justice-Credit-DigitalTrends-comWe do not often see criminal penalties for HIPAA, but when they do happen it can be important to take note.  If you have not already, it might be useful to brief your staff on this situation to remind them of the seriousness of protecting patient information.

On April 30 the Department of Justice announced a federal jury convicted Rita Luthra, a Springfield, Massachusetts gynecologist of a criminal HIPAA violation and obstructing justice. According to the Department of Justice, Luthra allowed a sales representative from a drug company to access protected health information in her patients’ files. She allegedly also provided false information to federal agents when interviewed about her relationship with the drug company.

This type of disclosure was neither permitted nor required under HIPAA, and therefore the only way it could be made is with an authorization by each patient. It appears that was not obtained, and therefore this was an illegal disclosure of PHI.

Luthra has not been sentenced yet, but the HIPAA violation carries a sentence of no greater than one year in prison and/or a fine of $50,000 and one year of supervised release.  

It is unclear whether this was known by Luthra to be an impermissible disclosure of PHI or not, however, it does indicate that permitting inappropriate access to PHI is taken seriously by prosecutors. It is necessary for all organizations to have a strong understanding of what PHI may be released, what must be released, and what may only be released with an authorization. Otherwise, organizations are placing themselves at risk for fines and placing their staff at risk of criminal punishment



Compliance and security are complex, but they don't have to be hard to comprehend. Check out our resources page for more educational ebooks, presentations, infographics, and more!

View All Resources

Our resources are compiled by our experts here at QI Express. With backgrounds in information technology consultation, IT systems design, audits, law, and patient-facing clinical roles, our team is able to leverage a unique scope of experience to deliver the most comprehensive educational material possible.