Welcome to the 2011 Missteps Archive!


  • April 2011 - Johnson and Johnson's pre-existing "effective" but "insufficiently implemented" compliance and ethics program helped earn it the opportunity to accept "enhanced compliance obligations" in a deferred resolution agreement covering alleged violations of the Foreign Corrupt Practices Act. Lessons: C&E programs aren't just for the "main" business but need to be rolled out effectively in subsidiaries and acquired businesses. The Agreement also provides extensive detail on the DOJ's view of what is required for effectiveness.

  • August 2011 - Stanford Hospital and Clinics discovers that a file containing patient information has been posted to an Internet site for almost a year by one of its collection agency's employees. Lesson: It may be the business associate's breach, but it's the Covered Entity's reputation that takes the hit. November 2011 - Same lesson, different provider - UCLA notifies "thousands" of patients that their protected health information was stolen from the home of an ex-employee.

  • October 28, 2011 **"California-Based DFine Inc. to Pay U.S. More Than $2.3 Million to Settle Claims That Company Paid Kickbacks to Physicians"** AND operate under an extensive corporate integrity agreement for the next five years. Lesson: There are no "little" gifts of cash to referral sources.

  • November 10, 2011 A 59-year-old cardiologist in Salisbury, Maryland was sentenced to eight years in prison and payment of over $1M in fines and restitution after being found guilty of implanting medically unnecessary stents and ordering unnecessary testing for his patients. Lesson: It's not just about billing "correctly".

  • November 16, 2011 - Sutter Health has to tell the world that an unencrypted desktop computer containing the "protected" information of about 3.3 million patients was stolen from its administrative office 30 days previously. Lesson: In the words of Sutter's CEO Pat Fry - "We know we have to work harder to maintain and keep your trust."

  • December 12, 2011 - East Texas Medical Center Regional Healthcare System entered into a Resolution Agreement with the federal Office for Civil Rights to resolve the agency's "deep concern" about the system's failures to provide interpretation services for a deaf pregnant patient. Lesson: The ADA and Section 504 of the Rehabilitation Act are not going away.

  • December 13, 2011 - "Selling test referrals for cash is illegal. Patients have every right to expect their doctors will recommend medical service providers because they do the best job, not because they provide the best bribes". Seems pretty basic, but 14 doctors and a nurse practitioner in New Jersey apparently failed to learn this lesson and have been charged in a cash-for-referrals scheme.

  • December 28, 2011 - Loma Linda University Medical Center announced that a now former employee had "taken home" records relating to 1,300 patients. No word on that person's motives or how the Medical Center's practices permitted this to happen. Lesson: People are still the hardest part of privacy compliance.