Heads up: DOJ says this is "one of the first criminal prosecutions in the nation for wrongful disclosure of patient information under HIPAA."
Helene Michel was convicted in New York this week of Medicare fraud and wrongful disclosure of private patient information.
The more ordinary aspect of Michel's case was the undelivered-services angle -- she ran the DME company Medical Solutions Management, Inc., and the feds charged she made fraudulent claims for equipment -- including one for "boots and braces to an elderly patient who was in fact an above-the-knee double-amputee."
But her means of obtaining beneficiary information was more unusual: "Over the course of four and a half years," says DOJ, "the defendant stole private patient information from various nursing homes on Long Island and then submitted thousands of fraudulent claims to Medicare."
For that she was charged with wrongful disclosure of patient information in violation of the Health Insurance Portability and Accountability Act.
"Under HIPAA, the term 'health care provider' included companies, such as MSM, that provided health care equipment and supplies," said the indictment. "Therefore, MSM's electronic submission of health information for health care claims were transactions covered by Subchapter C, undertaken by a covered entity under HIPAA."
“The defendant showed no regard for patients’ privacy rights when she stole their personal identity information to file false medical claims.... The verdict today should serve as a warning to those who disregard privacy laws to defraud publicly funded programs meant to help our seniors," said FBI Assistant Director-in-Charge Fedarcyk in DOJ's statement.
Michel faces 10 years and, in addition to fines, forefeitures based on her HIPAA violations of funds "derived from proceeds traceable to health care fraud, the wrongful disclosure of individually identifiable health information and the conspiracy to commit health care fraud violations," per the verdict sheet.