Information obtained under HIPAA Privacy Rule
The elements of a criminal offense under HIPAA are fairly straightforward. To commit a “criminal offense” under HIPAA, a person must knowingly and in violation of the HIPAA rules do one (or more) of the following three things.: use or cause to be used a unique health identifier, obtain individually identifiable health information relating to an individual or disclose individually identifiable health information to another person. Criminal penalties under HIPAA, tiered in accordance with the seriousness of the offense, range from a fine of up to $50,000 and/or imprisonment up to a year for a simple violation to a fine up to $100,000 and/or imprisonment up to five years for an offense committed under a false pretense and afine up to $250000 and/or imprisonment up to ten years for an offense committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage , personal gain, or malicious harm.
One of the ways physician health programs are engaging in forensic fraud using laboratory developed tests (LDTs) is by changing them from “forensic” to “clinical” samples in order to bypass chain-of-custody. As there is no regulation or oversight of the entire testing process it is easy to do. PHPs have no oversight or regulation. Neither do the commercial drug testing labs using these tests. They are non-FDA approved and CLIA exempt so the only avenue of complaint is the College of American Pathologists (CAP) which is an accreditation agency that does not have the power to sanction.
In terms of criminal penalties I would aim for the $25000 and 10 year mark as the cumulative documentation of HIPAA breaches committed by PHS, Quest and USDTL under false pretense are many and severe.
The Department of Health and Human Services Office for Civil Rights confirmed that my blood test from July 1, 2011 was intentionally changed to a clinical specimen and sent to USDTL with specific instructions to process it as a clinical specimen. Under the updated HIPAA-Privacy Rule “patients’ have the right to request their records directly from labs without authorization of the ordering provider.
It is important to recognize that all three parties had misrepresented this test as “forensic” since 2011. I have been requesting the “external chain-of-custody” from Quest since December of 2011 and the “appended test” from V.P. of Laboratory Operations Joseph Jones since December of 2012 when I was informed that it was changed from positive to invalid on October 4, 2012.
The new documents provided by USDTL include the October 4, 2012 revised test contradicting Dr. Luis Sanchez letter that he “just found out about” the revised test 67-days later.
The importance of this cannot be overstated as I filed a complaint with the College of American Pathologists in January of 2012. The investigation confirmed my suspicion that the test was fraudulent and as a result CAP mandated that USDTL revise the test.
USDTL did so and reported it to Dr. Sanchez but both concealed it and Sanchez took action against my license the following week.
“Moving the Goalpost” is a frequent tactic of PHPs whereby they make a new allegation and disregard the original. By controlling the information that is provided they are able to suppress and conceal whatever they want by misusing existing health care confidentiality law.
The October 19, 2012 report for noncompliance with my contract was done under “color of law” and resulted in suspension of my medical license. The new documentation shows that all three parties were involved in the fraud and the coverup.
The information USDTL provided even contains an email from me to Joseph Jones from December of 2012 requesting that he provide a copy of the October 4, 2012 revision which he ignored.
In response to demand letters from my attorney all three defended themselves by claiming the July 1, 2011 test had absolutely nothing to do with my suspension and blamed it on my non-compliance. The new documentation shows that I was reported for noncompliance after Dr. Sanchez was made aware of the revised test.
As the three parties colluded to produce PHI and used it with malice in a conspiracy to commit fraud and I am therefore requesting that charges be filed against these parties under the HIPAA criminal statute:
The HIPAA criminal statute, 42 U.S.C.A. § 1320d-6, reads in pertinent part: ”A person who knowingly and in violation of this part— • uses or causes to be used a unique health identifier; • obtains individually identifiable health information relating to an individual; or discloses individual identifiable health information to another person, shall be punished as provided in subsection (b) of this section.” ”Whoever willfully causes an act to be done which if directly performed by him or another would be an offense against the United States, is punishable as a principal.” 18 U.S.C. § 2(b).
All three parties knew this was intentionally changed from a forensic to a clinical sample and PHI. Instead of correcting an error both Quest and USDTL took steps to conceal this information. In fact, the complicity of the three parties, cover-up and extent of damages caused by it make this the worst HIPAA-criminal violation to date. I can find nothing comparable and the damages have still not been corrected.
Luis Sanchez was notified of the invalidity of the test on October 4, 2012 but suppressed it for 67-days. This was a result of my complaint to the College of American Pathologists (CAP) that launched an investigation which revealed no external chain-of-custody existed for the specimen rendering it invalid. This was revealed to PHS on October 4th, 2012 but instead of disclosing this and correcting things Dr. Luis Sanchez reported me to the Board for “noncompliance” less than 2 weeks after it was revealed to him that the test was invalid. He then wrote a letter on December 11, 2012 stating that he “just found out” about the invalid test.
A Request to Inspect and Copy Protected Health Information and Authorization for Use or Disclosure of Patient’s Protected Health Information was sent to USDTL in July and August of 2014.
The July 1, 2011 PEth test was drawn as a forensic specimen and subsequently changed to “clinical” (rendering it PHI) at the request of Quest’s client, PHS, Inc on July 7th, 2011. USDTL sent the materials within the 30 day deadline.
Quest Diagnostics, however, refused to comply with my request for the authorization and release of information forms required for them to draw a clinical specimen (which I knew did not exist) as well as any documentation related to the request by PHS that Quest (in violation of all regulations, professional standards, and clinical laboratory law) changed a “forensic” to a “clinical” specimen. The Quest attorney insisted that I sign a “release” from PHS.
PHS and the colluding labs were apparently unaware of the updated HIPAA regulations removing the need to obtain a signed release from a “provider” to obtain PHI.
I only received it because the DOJ-OCR agreed that this was PHI and forced Quest to send it.
PHS manipulated the test, set up a system in which they could claim me non-compliant , then did so immediately after the test was amended and hoped I would never find out.
On 10/4/2012 USDTL amended the test noting “external chain of custody was not followed per standard protocol” invalidating the test (this was the result of the initial CAP investigation under the assumption it was a forensic test). This was faxed to PHS but they withheld this information from me and the Board of Registration in Medicine.
The very next week they deemed me “non-compliant.”
PHS then officially reported me to the BORM as “noncompliant” on 10/19/2012.
On 12/10/2012 I found out from Amy Daniels of CAP that the test had been amended. I then called PHS and they issued a letter the very next day 12/11/2012 stating “Yesterday, December 10, 2012 Physician Health Services (PHS) received a revision to a laboratory test” referring to the July 1, 2011 PEthstat. They then try to cover themselves by claiming they were not aware of any action taken by the board as a result of this test.
The documents reveal that PHS is violating multiple state and federal criminal laws including clinical laboratory laws. It not only involves forensic manipulation but sending laboratory specimens as “clinical” samples when they are not authorized to do so and misrepresenting them as “forensic.”
Joseph Jones goes on record as a strict advocate of quality control and chain-of-custody with his “Defense in Depth Strategy” video and multiple written documents proclaiming how USDTL follows strict and rigid protocol. Well the ” litigation packet” contradicts and even negates this. How can any of USDTLs testing be trusted in light of what is seen here.
There is nothing that correlates that test with me and for all intents and purposes it could be a positive template used specifically for this type of misconduct. They pointed out that it does not pass the common sense factor (i.e. what would an average person think under normal circumstances about this?)
What it shows is that Mary Howard of PHS changed a test that was drawn as a “forensic” test to “clinical.” She is listed as the ordering “physician.” None of the required information exists to obtain a clinical sample. There are no authorization forms signed by me or to whom the information can be disclosed–clear violations of “Prohibited Activities” under Massachusetts law governing clinical laboratories.
Quest and USDTL representation has already clarified that PHS requested this test be sent by Quest to USDTL as a “clinical sample” with specific instructions to process it as a “clinical” sample. PHS is a monitoring agency not a treatment provider.
A “clinical” laboratory specimen is defined (CLIA, DPH, HHS, state laboratory law, essentially everyone) by its use in the diagnosis and treatment of a patient in a doctor-patient relationship. It necessitates patient “care” which PHS is unable to legally provide as a “non-profit” charitable organization.
As this is both “bad-faith” and ultra vires “confidentiality agreements” and “peer review” protection should no longer be an issue. Just one removes it.
PHS is an agency that utilizes drug and alcohol screens to detect if doctors are using substances they are prohibited to use. It is not a clinical provider. I am sure Bresnahan has spun some sort of logical-fallacy argument to say it is, but the documentary facts negate this. Organizational purpose is clear. As a monitoring agency their drug and alcohol testing is forensic. This brings in to question their “charitable organization” non-profit status.
Accountability requires both the provision of information and justification for actions
Accountability also requires consequences for violations of professional standards-of-care, ethical codes of conduct and the law
PHS is able to do what they do by both blocking information and relying on others to overlook, table or otherwise dismiss valid complaints–complacent that these are good people helping doctors and protecting the public. The current incarnation does neither
There should be zero tolerance. PHS has been unaccountable for this type of behavior but this needs to be addressed.
Accountability requires both answerability, justification and consequences. There is no conceivable procedural, ethical or legal justification for what is shown here. The compounding of crimes over time is self-evident and therefore it is the responsibility of the state to hold him accountable for his crimes. The fact that he pontificates on professionalism and stands in judgment of others makes it even more important. There are no exceptions to the rules or the law..
And we now know why Quest was so reluctant to provide the records. Quest was complicit in this and obtained and processed a known forensic sample as “clinical” without any of the required documents. The test lists “ordering physician” as Mary Howard (who is a secretary at PHS). There are no signed release of information forms or authorization forms indicating who my PHI could be distributed to.
This is in violation of the HIPAA criminal statute. As a business associate It is my understanding PHS can be tied to it by the conspiracy statute.
There should be zero-tolerance for this type of criminal activity. There is no excuse for forensic manipulation and this must be addressed. The people who are engaging in this should be in jail yet they remain unscathed. This is a systemic problem that is best met with head on and in real time. It makes Annie Dookhan look like a girl scout.
7/1/2011—PHS requests blood test at Quest Diagnostics. No outside factors are involved in PHP requesting this. There is no outside complaint or concern behind it. I provide blood sample using my PHS unique identifier #1310
7/28/2011—verbal report that test was positive to the Board of Registration in medicine and requests I have a “reevaluation.”
I request test results in form of “litigation packet” but PHS tries to dissuade me and eventually threatens me with “unintended consequences.”
11/29/2011—PHS agrees to provide “litigation packet. Check dated 11/29/2011 is given for payment.
12/5/2011—Receive USDTL Litigation Packet Sole document from Quest is a fax that is time stamped and arrived 3 hours after the specimen was collected when I was in clinic at MGH rendering this impossible. In addition it is not my signature:
A fax from PHS to USDTL is also included requesting that my ID # 1310 and a “chain-of-custody” be added to an already positive specimen with no unique identifier connecting it to me.
A report dated 7/20/11 from USDTL “revised report per clients request” and “corrected donor ID from 46130 to 1310 and “corrected collection date to 7/1/2011”
Note this backdating of chain of custody and addition of my ID # is on 7/20/11 (one day after Dr. Luis Sanchez reported the test as positive to the Board of Registration in Medicine. )
Joseph Jones certifies that the specimen was processed with laboratory
Information obtained under HIPAA Privacy Rule
The elements of a criminal offense under HIPAA are fairly straightforward. To commit a “criminal offense” under HIPAA, a person must knowingly and in violation of the HIPAA rules do one (or more) of the following three things.: use or cause to be used a unique health identifier, obtain individually identifiable health information relating to an individual or disclose individually identifiable health information to another person. Criminal penalties under HIPAA, tiered in accordance with the seriousness of the offense, range from a fine of up to $50,000 and/or imprisonment up to a year for a simple violation to a fine up to $100,000 and/or imprisonment up to five years for an offense committed under a false pretense and a fine up to $250000 and/or imprisonment up to ten years for an…
View original post 3,279 more words