May 2010 Archives

May 28, 2010

RED FLAGS RULE AND IDENTITY THEFT- ENFORCEMENT DELAYED YET AGAIN

In a not surprising turn of events, days before the June 1st deadline, the Federal Trade Commission ("FTC") announced that it is again delaying the enforcement of the identity theft regulations through December 31, 2010. This latest delay came at the request of certain members of Congress while Congress considers legislation that would affect the scope of entities covered by the identity theft regulations. This is the 5th time that the enforcement has been delayed and physicians are hopeful that a permanent solution will be forthcoming. The legislation under consideration would exempt from the law health care practices with fewer than 20 employees. The FTC's official announcement can be found here. HLP will continue to keep you updated on this topic.

May 26, 2010

Anesthesia Guidelines Clarified: CMS Issues Transmittal on May 21, 2010

On May 21, 2010, CMS issued a new transmittal clarifying the interpretive guidelines for the hospital conditions of participation for anesthesia services. The transmittal serves to revise Appendix A "Survey Protocol, Regulations and Interpretive Guidelines for Hospitals".

Consistent with the CMS December 11, 2009 memorandum, the transmittal confirms that "The administration of medication via an epidural or spinal route for the purposes of analgesia, during labor and delivery, is not considered anesthesia and therefore is not subject to the anesthesia supervision requirements at 42 CFR 482.52(a)". CRNAs providing "anesthesia" as opposed to "analgesia" require physician supervision unless such services are provided in an "Opt-Out State." (Note: Since the issuance of the 2001 CMS regulation permitting opt-outs, 15 states have formally opted-out). In particular, a CRNA administering general, regional and monitored anesthesia care must be supervised either by the operating practitioner who is performing the procedure, or by an anesthesiologist who is immediately available. According to the transmittal, "immediately available" requires that the anesthesiologist is physically located within the same area as the CRNA "e.g., in the same operative/procedural suite, or in the same labor and delivery unit, and not otherwise occupied in a way that prevents him/her from immediately conducting hands-on intervention, if needed."

Notably, this transmittal changes earlier revisions with respect to the post-anesthesia evaluation. With respect to outpatient surgery, although the transmittal reflects that the post-anesthesia evaluation must be completed within 48 hours after surgery, the language requiring that the evaluation be completed prior to discharge has now been deleted.

Continue reading "Anesthesia Guidelines Clarified: CMS Issues Transmittal on May 21, 2010" »

May 25, 2010

AMA and Others File Suit to Block Red Flag Rules

In a long-anticipated maneuver, the American Medical Association ("AMA"), American Osteopathic Association ("AOA") and the Medical Society of the District of Columbia ("MSDC") filed a lawsuit last week seeking to block the Federal Trade Commission ("FTC") from requiring physician practices to implement its "Red Flag" identity theft safeguards.

In an ongoing saga that HLP has followed (see previous posts on the postponement of Red Flag rules enforcement, the small business exemption amendment, and the American Bar Association suit that preceded the current AMA suit), physicians have argued that their practices should not be treated the same as financial institutions simply because the common practice of allowing patients to pay their bills over time qualifies physician practices, under the FTC's definition, as "creditors."

Note, this suit doesn't affect the deadline for enforcement, which is set to begin on June 1, 2010.

Continue reading "AMA and Others File Suit to Block Red Flag Rules" »

May 25, 2010

Ohio Hospital Settles False Claims Act Suit for $108 Million

A False Claims Act lawsuit, sparked by a whistle-blower suit in 2003 filed against the Health Alliance of Greater Cincinnati and then-member Christ Hospital, has been settled, with the Health Alliance and hospital agreeing to pay the government $108 million, despite continuing to deny the allegations of the suit.

The U.S. Justice Department joined the suit in 2008, and charged that between 1997 and 2004, cardiologists at the hospital were scheduled based on the amount of business, through referrals, that the doctors brought to the hospital. Essentially, DOJ argued, this arrangement, which created the opportunity for the cardiologists to bill for diagnostic services and pick up new patients for follow-up appointments, constituted an illegal kickback scheme.

Continue reading "Ohio Hospital Settles False Claims Act Suit for $108 Million" »

May 24, 2010

New CMS Transmittal Regarding the Use of RAs to Report Recoupments

Last month, we published a post regarding the new protocols that CMS is requiring RACs to use on Remittance Advice (RAs) when identifying and recouping overpayments. CMS has also issued the additional Transmittal 659, which sets forth the two-step process of utilizing RAs to report amounts to be recovered.


  • Step I: Reversal and Correction to report the new payment and negate the original payment (actual recoupment does not happen at this step)

  • Step II: Report the actual recoupment

Additionally, CMS is hosting a National Call on the issue of recoupment on May 26, 2010 from 1:30 p.m. to 3:30 p.m. EST. For more information, visit the CMS RAC website.

Additionally, please visit the HLP's RAC page, or contact Abby Pendleton, Esq. or Jessica L. Gustafson, Esq. at (248) 996-8510.

May 21, 2010

HLP Founding Partner Quoted in "Physicians Practice"

HLP founding partner Robert S. Iwrey, Esq. was quoted in a "Patient Records Legal Primer" article in the award-winning, national publication Physicians Practice. You can read about how to ensure that your record-keeping is well managed by clicking here.

May 18, 2010

Mandatory Compliance

It looks like the days of "voluntary" compliance programs are coming to a close. As we discussed in a recent blog, the health care reform bill contained provisions mandating compliance programs. New York providers receiving Medicaid funds have already experienced mandatory compliance obligations as a result of the New York Office of Medicaid Inspector General regulations that went into effect last year. Although the implementing regulations have yet to be issued, providers are well advised to have a renewed focus on compliance activities. For those smaller health care providers who never formally implemented compliance, the time has come to make compliance a top priority! With the increased health care enforcement environment and ramping up of audit activity, including from the Medicare Recovery Audit Contractors (RACs), The HLP attorneys have seen extensive auditing and investigations of health care providers and significant overpayment demands being requested of providers. We encourage health care providers to take the topic of compliance seriously and take a critical look at their documentation and billing practices, as it is more cost-efficient to be proactive in developing an effective compliance program than responding to a compliance request without having adequate compliance processes in place. It is likely just a matter of time before a Medicare or Medicaid contractor (e.g., PSCs, ZPICs, RACs, MICs) or even a third party auditor hired by another payor does.

Continue reading "Mandatory Compliance" »

May 16, 2010

Maximum Period for Submission of Medicare Claims Reduced to Not More Than 12 Months

On May 7, 2010, CMS promulgated Transmittal 697 to align the requirements governing the timely filing limits (for submitting claims for Medicare Fee-for-Service ("FFS") reimbursement) with the requirements set forth in the Patient Protection and Affordable Care Act (the "PPACA").

By way of background, a service provider or supplier formerly had been required to submit the claim for services furnished on or before December 31 of the following year for dates of service occurring during the first nine (9) months of the year. For services furnished during the last quarter of the calendar year, the provider or supplier needed to submit the claim on or before December 31st of the second following year. Thus, in practice, providers and suppliers had 15 to 27 months to file Medicare FFS claims.

Section 6404 of PPACA amended the timely filing requirements to reduce the maximum time period for submission of all Medicare FFS claims to one calendar year after the date of service, effective for services furnished on or after January 1, 2010. For example, if a service is furnished on May 15, 2010, then the claim must be submitted to Medicare no later than 15, 2011. Additionally, this section mandates that all claims for services furnished prior to January 1, 2010 must be filed with the appropriate Medicare Administrative Contractor (MAC) no later than December 31, 2010. Transmittal 697 instructs the MACs to implement these changes to the timely filing requirements prescribed by 6404 of PPACA. Although not certain, we at THE HEALTH LAW PARTNERS consider it likely that CMS will adopt a rule interpreting the new timely filing requirement. In the interim, it is incumbent upon all providers and suppliers to review their claims submission practices to ensure compliance with Transmittal 697.

Continue reading "Maximum Period for Submission of Medicare Claims Reduced to Not More Than 12 Months" »

May 16, 2010

Precipitous Increase in Fraud And Abuse Recoveries To Medicare Trust Fund

As reported in the May 14th HLP blog, the Departments of Justice (DOJ) and Health and Human Services (HHS) recently released the Health Care Fraud and Abuse Control Program (HCFAC) Annual Report for Fiscal Year 2009, which reflects that $2.51 billion was deposited to the Medicare Trust Fund in 2009, as a result of more intensive efforts to fight fraud and abuse. U.S. Attorney General Eric Holder announced that the 2009 recovery amount represented an increase of more than half a billion dollars over the 2008 total. Evidencing the heightened scrutiny that we, at THE HEALTH LAW PARTNERS, have been discussing with our clients during this past year, more than 1,000 new criminal health care fraud investigations were opened in 2009, 1,621 investigations were pending, and 583 convictions for health care fraud-related crimes were obtained. In addition, federal prosecutors filed criminal charges in 481 cases involving 803 defendants which, according to Holder, constitutes an "all-time high" in the number of health care fraud defendants charged. In addition, DOJ opened 886 new civil health care fraud investigations and had 1,155 civil health care fraud matters pending. Holder also noted that, in 2009, the DOJ and HHS established the Health Care Fraud Prevention & Enforcement Action Team (HEAT), which has operated with noteworthy efficacy in, among other places, two of the States with HLP offices - New York (Brooklyn) and Michigan (Detroit). In sum, the Annual Report speaks to the successes that the Government's deployment of additional resources has enabled it to achieve in connection with its goal of reducing health care fraud - and this success likely presages the Government dedicating even-greater resources towards health care enforcement in the coming years.

Continue reading "Precipitous Increase in Fraud And Abuse Recoveries To Medicare Trust Fund " »

May 14, 2010

OIG Opinion Approves Free Pre-Authorization Arrangement

On May 6, 2010 the Office of Inspector General (the "OIG") posted Advisory Opinion 10-04, which approved a program conducted by several imaging centers to provide free pre-authorization services to patients and referring physicians (the "Pre-Authorization Arrangement"). This approval was somewhat unexpected in light of the OIG's prior issuance of several advisory opinions and other guidance articulating concerns involving the provision of free items or services to referring physicians. Nonetheless, the OIG's position in Advisory Opinion 10-04 is likely to be favorably received by the significant number of imaging providers who have been trying to bridge the tension between advancing their business prospects in an increasingly more competitive landscape, while simultaneously seeking to engage in conduct that could be viewed as impermissible under the Anti-kickback Statute (the "AKS").

A full analysis of the implications will be forthcoming in the June issue of "Regulatory Review," the monthly column in AHRA Link authored by Adrienne Dresevic, Esq. and Carey F. Kalmowitz, Esq.

May 14, 2010

New Report Highlights Federal Efforts to Fight Health Care Fraud

This month, the Office of Inspector General published its report of the activities and results of the Health Care Fraud and Abuse Control Program for 2009. A few highlights from the report include:


  • 1014 new criminal health care investigations opened,

  • 583 fraud-related convictions concluded, and

  • $1.63 billion in judgments and settlements--a figure that doesn't include state or joint federal-state recoveries.

Yesterday, Health and Human Services and the Department of Justice issued a press release focusing on the new tools for fighting fraud that are contained in the Patient Protection and Affordable Care Act (PPACA). They conclude that the OIG's report shows "significant progress" in fighting fraud.

"Criminals have concluded that health care fraud is a safe bet. It is imperative that we change the calculus," said Daniel R. Levinson, Inspector General for the Department of Health and Human Services. "With the expanded resources and enforcement tools provided in the Affordable Care Act, OIG and its partners will be bringing the fight to the criminals to prevent, detect, and swiftly punish those who steal from taxpayers and abuse the public trust."

For more information on fraud and abuse, please contact Adrienne Dresevic, Esq. or Robert S. Iwrey, Esq. at (248) 996-8510.

May 13, 2010

CMS Program Integrity Rulemaking Process Issued May 5

Centers for Medicare and Medicaid published an interim final rule on May 5, 2010, that begins implementation of certain provisions of the Patient Protection and Affordable Care Act (PPACA) relating to Medicare and Medicaid program integrity. The regulations, with a comment period ending on July 6, 2010 (the effective date for the regulations) include changes to enrollment requirements and proper documentation of referrals. You can view the interim final rule here.

For more information on Medicare and Medicaid, please contact Adrienne Dresevic, Esq., Robert S. Iwrey, Esq., or Abby Pendleton, Esq. at (248) 996-8510.

May 12, 2010

PSCs Found to Have Little Effect on Recovery of Medicare Overpayments

The Office of the Inspector General ("OIG") of the Department of Health and Human Services ("HHS") issued a report this month showing that program safeguard contractors ("PSCs") have not resulted in significant recoveries to the Medicare program.

PSCs are intended to detect and deter fraud and abuse in Medicare, by conducting investigations and, at issue, here, referring overpayments for recovery by claims processors to Medicare. However, in its report, found here, the OIG found that:

PSCs referred 4,239 overpayments totaling $835 million to claims processors in 2007, but very little had been collected by claims processors as of June 2008. Claims processors collected 7 percent, or $55 million. Of the $55 million collected, 27 percent was for Part A claims; 56 percent was for Part B claims excluding durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS); and 17 percent was for Part B DMEPOS claims.

The OIG's report includes a number of recommendations to ensure that PSCs and their successors, Zone Program Integrity Contractors ("ZPICs") are effective. The OIG especially stresses the importance of regularly monitoring overpayment recovery collection efforts.

For more information on compliance or overpayment demands, please contact Abby Pendleton, Esq., and for more information on government investigations or subpoenas, please contact Robert S. Iwrey, Esq. Both can be reached at (248) 996-8510.

May 12, 2010

Compliance and Health Care Reform

Compliance continues to be a hot topic given the continued increase in enforcement, audits and other aspects of health care reform. On May 7, 2010, the Office of Inspector General (OIG) posted on its website an excerpt from a keynote address that the Inspector General for the Department of Health & Human Services recently gave entitled "Some Questions Compliance Professionals Should Ask As They Prepare for Health Care Reform." It should come as no surprise that the focus of the questions relate to transparency, quality as a compliance issue and accountability.

Continue reading "Compliance and Health Care Reform" »

May 11, 2010

HIPAA Security: Risk Analysis Guidance Issued

On May 7, 2010, the Office of Civil Rights (OCR) issued guidance on the risk analysis requirement of the HIPAA Security Rule. Many providers have not paid close attention to the actual requirements of the HIPAA Security Rule. In addition to covered entity providers that must comply with the security regulations, business associates that have not implemented the requirements of the HIPAA Security Rule must also do so, thanks to the HITECH Act. The newest OCR guidance should be reviewed as well as past guidance documents. This guidance focuses on the first step in identifying and implementing safeguards consistent with the HIPAA Security Rule. According to OCR, "the guidance is not intended to provide a one-size-fits-all blueprint for compliance with the risk analysis requirement. Rather, it clarifies the expectations of the Department for organizations working to meet these requirements." The OCR guidance does draw from recommendations from the National Institute of Standards and Technology (NIST) even though only federal agencies are actually required to follow guidelines set by NIST. We encourage providers and business associates to review the guidance as the HIPAA Security Rule emphasizes that the risk analysis process is a key element in achieving compliance with the regulatory requirements and it is an ongoing evolving process.

For more information, you can visit the HHS Health Information Privacy Page, or contact Abby Pendleton, Esq. or Kathryn Hickner-Cruz, Esq. at (248) 996-8510.

May 11, 2010

New Amendments to Standards for Effective Compliance and Ethics Plans

On April 29, 2010, the U.S. Sentencing Commission issued new amendments to the standards for, and criteria included in, an "Effective Compliance and Ethics Program" in the Federal Sentencing Guidelines. These amendments have important implications for all corporate health care providers.

For more information on corporate governance and effective compliance programs, please contact Abby Pendleton, Esq. or Robert S. Iwrey, Esq. at (248) 996-8510.

May 10, 2010

Shortage of Primary-Care Physicians

Despite efforts by the federal government to boost the ranks of primary-care physicians, an overwhelming number of physicians are choosing specialties other than internal medicine, and research has shown that internists leave the field mid-career at a much higher rate than other specialties. As a result, the shortage of primary-care physicians may be larger than expected, which will impact the care given to the millions of newly insured patients entering the healthcare system under the healthcare reform law.

Continue reading "Shortage of Primary-Care Physicians" »

May 7, 2010

HITECH Act Expands Requirements for Accounting of Disclosures

The HIPAA Privacy rule currently provides the right of an individual to receive an "accounting of disclosures," essentially a listing, of occurrences where a HIPAA covered entity has disclosed the individual's information to others--but this rule has not considered disclosures made for treatment, payment, and health care operations information that must be included in the accounting.

Now, the HITECH Act has expanded the list of what must be included in the accounting of disclosures. HITECH, which regulates the use of electronic health records ("EHRs"), provides individuals the right to receive information about disclosures made using the individual's EHR, including for the purposes of advancing treatment, payment, and health care operations. The Health and Humans Services Office of Civil Rights ("OCR") is required to set forth rules that balance the rights of individuals with the burden of reporting on HIPAA covered entities.

OCR has issued a request for information from individuals and providers as the first step in its rulemaking, which you can review here.

For more information on HIPAA and HITECH, please visit the HLP's Compliance and HIPAA page, or contact Kathryn Hickner-Cruz, Esq. or Abby Pendleton, Esq. at (248) 996-8510.

May 6, 2010

New Requirements for Noninvasive Vascular Testing

Effective May 1, 2010, physicians, IDTFs and other Part B Suppliers furnishing Non-invasive Vascular Testing in Michigan must comply with new training and certification requirements. In part, the policy, as set forth in a new LCD, states:

A. Training and Certification
1. The accuracy of non-invasive vascular diagnostic studies depends on the knowledge, skill, and experience of the technologist and interpreter. Consequently, the physician performing and/or interpreting the study must be capable of demonstrating documented training and experience and maintain any applicable documentation. A vascular diagnostic study may be personally performed by a physician or a technologist.
"The GAO Report to Congressional Committees entitled Medicare Ultrasound Procedures. Consideration of Payment Reforms and Technician Qualifications Requirements states that "Findings from several peer-reviewed studies, the Medicare Payment Advisory Commission, and ultrasound-related professional organizations support requiring that sonographers either have credentials or operate in facilities that are accredited, where specific quality standards apply. In some localities and practice settings, CMS or its contractors have required that sonographers either be credentialed or work in an accredited facility." (GAO-07-734)

2. All non-invasive vascular diagnostic studies must be performed under at least one of the
following settings:

a. performed by a physician who is competent in diagnostic vascular studies or under the general supervision of physicians who have demonstrated minimum entry level competency by being credentialed in vascular technology, or
b. performed by a technician who is certified in vascular technology, or
c. performed in facilities with laboratories accredited in vascular technology.

3. One or more technologists in each vascular laboratory must be certified by a credentialing board recognized by the Intersocietal Commission for Accreditation of Vascular Laboratories (ICAVL) or the National Council for Certifying Agencies (NCCA) or the International Standards Organization (ISO) 17024).

4. Laboratories may be certified by the Intersocietal Commission for the Accreditation of Vascular Laboratories. Certification of the laboratory itself supersedes the requirement for certification of individual technologists.
If a certified technologist supervises technologists who are not certified, the certified RVT must: provide direct supervision; and sign the record of the test and attest to the quality of the examination.

Physicians and Independent Diagnostic Testing Facilities--including mobile facilities--must ensure that their technicians, medical directors, and supervision protocols meet the above guidelines, and that billing documents reflect that. For assistance ensuring compliance with these and other rules governing IDTFs, please contact Adrienne Dresevic, Esq. or Carey F. Kalmowitz, Esq. at (248) 996-8510. You can also find additional information on the HLP's specialty page for Diagnostic Imaging Arrangements.

May 6, 2010

Health Care Reform Bill Creates New Mandatory Compliance Programs

The recently passed health care reform bill--known more technically as the Patient Protection and Affordable Care Act--contains a provision bound to increase enforcement regimes for health care providers. For instance, at Section 6401(a)(7), the Act creates mandatory compliance programs for providers enrolled in Medicare and Medicaid. The Secretary of Health and Human Services is tasked with setting forth both the core elements that compliance programs must include, and a timeline for implementation:

(7) COMPLIANCE PROGRAMS
(A) IN GENERAL- On or after the date of implementation determined by the Secretary under subparagraph (C), a provider of medical or other items or services or supplier within a particular industry sector or category shall, as a condition of enrollment in the program under this title, title XIX, or title XXI, establish a compliance program that contains the core elements established under subparagraph (B) with respect to that provider or supplier and industry or category.

(B) ESTABLISHMENT OF CORE ELEMENTS- The Secretary, in consultation with the Inspector General of the Department of Health and Human Services, shall establish core elements for a compliance program under subparagraph (A) for providers or suppliers within a particular industry or category.

(C) TIMELINE FOR IMPLEMENTATION- The Secretary shall determine the timeline for the establishment of the core elements under subparagraph (B) and the date of the implementation of subparagraph (A) for providers or suppliers within a particular industry or category. The Secretary shall, in determining such date of implementation, consider the extent to which the adoption of compliance programs by a provider of medical or other items or services or supplier is widespread in a particular industry sector or with respect to a particular provider or supplier category.

HLP will continue to help providers stay aware of these and other compliance changes as they develop. For more information on Medicare and Medicaid compliance, please contact Adrienne Dresevic, Esq. or Abby Pendleton, Esq. at (248) 996-8510.

May 5, 2010

NY Bill Clarifies Authority of Physician Assistants

A recent New York bill, S04998, clarifies the scope of practice for physician assistants. Specifically, it authorizes physician assistants to perform medical services that the physician is otherwise authorized to perform, if the physician is supervising the physician assistant, and if the physician assistant has the necessary training to perform those tasks. These medical services must be those that occur "within the ordinary practice of the supervising physician."

Four of HLP's founding partners are licensed to practice in New York. For more information on New York legal developments, contact Adrienne Dresevic, Esq., Robert S. Iwrey, Esq., Carey F. Kalmowitz, Esq. or Abby Pendleton, Esq. at (248) 996-8510.

May 5, 2010

Patient Protection and Affordable Care Act: How its tax provisions impact individuals and businesses

The tax provisions of the Patient Protection and Affordable Care Act (the "Act") will impact most taxpayers. To simplify matters, it is helpful to separate the changes that will take place in 2010 and 2011 from future changes.

Changes in 2010 and 2011:

- Starting in 2010, small businesses will receive tax credits for purchasing group health coverage (from 2010 to 2013, the maximum credit is 35%; in 2014, the maximum credit is 50%). Even tax-exempt businesses are entitled to tax credits, albeit the maximum credit is smaller.
- On March 23, 2010, parents became able to cover their adult children (up to age 27) under their tax-qualified employer-provided health plan.
- Limits will be imposed on flexible savings arrangements - after 2010, only prescription medications will be covered (with some exceptions) and starting in 2013, there will be a $2,500 annual cap on covered expenses.
- After December 31, 2010, small employers can provide "simple" cafeteria plans.

Future Changes:

- In 2013, taxpayers with more than $200,000 in earned income ($250,00 for joint filers) will pay an additional 0.9% Medicare tax on the excess and an additional 3.8% Medicare tax on unearned income, including interest, rents, and royalties. Also, the threshold for deducting unreimbursed medical expenses will rise from 7.5% to 10% of AGI and contributions to flexible spending accounts for medical expenses will be limited.
- In 2014, individuals who are not eligible for government-provided coverage will be penalized if they fail to purchase essential health coverage. Also, people with income between 133% and 400% of the federal poverty level will be eligible for tax credits/subsidies to help pay for insurance premiums.
- In 2014, employers who do not provide insurance coverage will face tax penalties.
- In 2018, high-cost group plans will be subject to a 40% nonrefundable excise tax on their annual premiums in excess of $10,200 for individual coverage and $27,500 for family coverage.

Continue reading "Patient Protection and Affordable Care Act: How its tax provisions impact individuals and businesses" »

May 4, 2010

Smoking Banned in Health Facilities

Effective May 1, 2010, the Dr. Ron Davis Smoke-Free Air Law prohibits smoking in public places, food establishments, and workplaces. The prohibition applies to all health facilities, hospital long-term care units, nursing homes, hospices, and homes for the aged. Business operators must post "no smoking" signs, remove ash trays and other smoking paraphernalia, inform individuals smoking in violation of the law that they are violating the law, refuse service to violators of the law, and ask a violator to refrain from smoking or to leave. However, the Law does not prohibit the facility from accommodating individuals who want to continue smoking outside of the facility.

Continue reading "Smoking Banned in Health Facilities" »

May 3, 2010

Surgeon receives prison sentence for a HIPAA privacy violation

Huping Zhou, a former UCLA Healthcare System cardiothoracic surgeon is the first defendant in the nation to receive a prison sentence for a HIPAA privacy violation. After admitting that he illegally read private electronic medical records of patients and obtained individually identifiable health information without a valid reason, Zhou was sentenced to four months in prison.

According to a Department of Justice press release, on the day in 2003 that Zhou received notice that he was being dismissed from his job, he accessed and read the medical records of his supervisor and colleagues. Over the next few weeks (even after he was formally terminated), Zhou illegally accessed the patient records system 232 times, including reviewing the medical records of several celebrities - Sharon Osbourne, Barbara Walters, Elizabeth Banks, Leonardo DiCaprio, Tom Hanks, Drew Barrymore, and Arnold Schwarzenegger.

Continue reading "Surgeon receives prison sentence for a HIPAA privacy violation" »