Fraud Management & Cybercrime , Healthcare , Industry Specific

Former Doctor Pleads Guilty to HIPAA Charges in Fraud Case

Alleged Conspiracy Involved Drug Sales Rep Accessing Patient Records
Former Doctor Pleads Guilty to HIPAA Charges in Fraud Case

A former physician pleaded guilty to criminal HIPAA violations in a case involving a compound pharmaceutical salesman and a conspiracy alleged to have racked up $2.5 million in healthcare fraud.

See Also: Securing Healthcare Against Ransomware Post-COVID-19

Former internist Frank Alario pleaded guilty in a New Jersey federal court to one count of conspiracy to wrongfully disclose and obtain individually identifiable health information, a misdemeanor. The admission is part of a plea deal that dismisses 11 other criminal charges returned by a grand jury in a September 2020 indictment.

The indictment, along with an updated narrative of events by prosecutors, portrays a nearly two-year effort by Alario and pharmaceutical salesmen Keith Ritson to funnel patients into prescriptions for compound pills fulfilled by Louisiana pharmacy Central Rexall Drugs.

The conspiracy was active from around August 2014 through February 2016. Ritson, the founder of Life Sciences Medical, allegedly received commissions from Central Rexall for each compound prescription he arranged. Compound medications are medications mixed by a pharmacist rather than an offsite manufacturing facility. Central Rexall CEO Hayley Taff pleaded guilty in 2020 to defrauding New Jersey health benefits programs and other insurers out of more than $50 million through a compounding pill scheme.

Alario's HIPAA violations occurred in the service of the scheme: The doctor would let the salesman into exam rooms during consultations, giving patients the impression that Ritson was affiliated with the medical practice. Alario would instruct patients to see Ritson in another part of the practice so Ritson could fill out compound medication prescriptions ultimately authorized by Alario.

Ritson had access to the physician's patient schedule and would review medical charts and insurance coverage in advance to determine likely matches for a compound pill prescription.

Prosecutors say Alario sought to financially assist Ritson, who treated the doctor, his staff and his family to meals and drinks and acted as Alario's driver during long commutes to different medical offices. Ritson and Alario together caused an unnamed pharmacy benefits administrator to pay Central Rexall more than $2.5 million for medications.

Alario faces a maximum penalty of one year of federal prison time and a $50,000 fine. His sentencing is slated for Feb. 7, 2023.

Ritson is scheduled to go on trial in a New Jersey federal court on Nov. 7.

Attorneys representing Alario and Ritson did not immediately respond to Information Security Media Group's requests for comment.

HIPAA Prosecutions Are Rare

Criminal prosecutions for HIPAA violations "pop up every once in a while but remain relatively rare," says privacy attorney Adam Greene of law firm Davis Wright Tremaine.

"My impression is that the Department of Justice is not prioritizing the prosecution of impermissible access to or disclosure of health information unless a case is particularly egregious or HIPAA serves as a convenient criminal charge in a case involving alleged healthcare fraud," he says.

A textbook example of that could be a prosecution opened in late September against a former John Hopkins Medicine anesthesiologist and her spouse, a U.S. Army doctor, for violations of HIPAA that occurred as part of ostensible espionage for the Russian government (see: DOJ: Army Doc, Wife Sought to Leak Health Records to Russia).

Even if they're unusual, the occasional HIPAA case is a useful reminder that the health privacy law is criminally enforceable, says regulatory attorney Brad Rostolsky of law firm Reed Smith. Federal authorities "certainly take criminal action when appropriate," he says.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.