The U.S. Department of Justice announced on January 15 that Jeffrey Paul Madison, the former chief executive officer of a Texas hospital, was sentenced to 36 months in federal prison for conspiring to violate the federal Anti-Kickback Statute (AKS). In October 2024, Madison also agreed to pay over $5.3 million to settle allegations under the

Ada Janocinska
Million Dollar Penalty Imposed on Pain Management Practice Following HIPAA Breach
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on December 3 that it imposed a $1.19 million penalty on Gulf Coast Pain Consultants, a pain management practice in Florida, following a security breach that affected over 34,000 individuals.
Gulf Coast filed a breach notification report with OCR, as required…
OCR Imposes $240,000 Penalty in HIPAA Ransomware Investigation
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) imposed a $240,000 civil monetary penalty against Providence Medical Institute in connection with a ransomware attack that revealed vulnerabilities in the Institute’s systems and potential HIPAA violations.
The Institute was the victim of a series of ransomware attacks in 2018 that compromised…
New Consumer Protection Laws to Affect NY Healthcare Providers
On October 20, 2024, several significant consumer protection laws will go into effect, directly affecting healthcare providers throughout New York State. Introduced through the FY 2025 Executive Budget, these new laws reshape how providers must handle patient consent to pay for medical services and the use of credit cards for payment.
Separate Consent for Payment…
Medical Provider to Pay $115,200 Penalty for HIPAA Right of Access Violation
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that it ordered American Medical Response (AMR) to pay a civil monetary penalty of $115,200 for failing to comply with the patient right of access rule under HIPAA.
HIPAA requires that all covered entities provide timely access to a patient’s…
CT New Law Alert: Medical Debt Cannot be Reported to Credit Agencies
Connecticut Governor Ned Lamont recently signed a new bill into law that prohibits healthcare providers from reporting patients’ medical debt to credit rating agencies. The law goes into effect on July 1, 2024. In addition, any contracts signed by healthcare providers with credit rating agencies on or after July 1, 2024 must include explicit language…
Federal Rules Limit “Junk” Health Plans
On March 28, the U.S. Departments of Health and Human Services, Labor and the Treasury collectively issued final rules with respect to short-term and limited duration insurance (STLDI) plans in an effort to reduce healthcare costs by protecting consumers from purchasing such “junk” health plans that may provide little to no coverage in many scenarios. …
Health Network Pays $345 Million for Compensating Physicians Above FMV
Community Health Network, Inc., based in Indianapolis, Indiana, has paid $345 million to settle alleged violations of the False Claims Act (FCA). The lawsuit was initiated through a whistleblower complaint that was filed in 2014 by the network’s former Chief Financial Officer. The suit alleged that, between 2008 and 2009, the network recruited hundreds of…
Neurosurgeon Settles FCA Allegations for $825,000
The U.S. Department of Justice (DOJ) recently announced a settlement with a Missouri neurosurgeon and his fiancée regarding alleged violations of the False Claims Act (FCA) and Anti-Kickback Statute (AKS). The parties agreed to pay $825,000 to settle the case.
The neurosurgeon and his fiancée were accused of receiving impermissible kickbacks from spinal implant companies…
Arizona Hospital Pays $1.25 Million in HIPAA Settlement After Cyber Attack
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on February 2 that Banner Health, a not-for-profit hospital system based in Arizona, has paid $1.25 million in order to settle alleged HIPAA violations in connection with a cyber attack.
The incident occurred in 2016 when a hacker gained access to…