FDA |

Criminal IV Tampering Charges Against Anesthesiologist Highlight Exposures Providers And Their Facilities Can Face From Team Members Retaliatory or Other Misdeeds

September 15, 2022

The arrest and criminal charges against Dallas anesthesiologist Raynaldo Rivera Ortiz Jr. (“Dr. Ortiz”) announced September 15, 2022 highlight the advisability of health care facilities and providers to use care to use appropriate monitoring and other safeguards to protect patients and other critical operations against potential retaliatory misconduct during professional peer review or other investigation or discipline of health care professionals or other members of their workforces.

Dr. Ortiz was arrested in Plano, Texas on Wednesday, September 14, 2022 and is scheduled to make his initial court appearance on Friday, September 16, 2022 on federal felony criminal charges that he caused the death of a patient and surgical emergencies of other patients by intentionally tampering with a consumer product and intentional drug alteration.

According to the by Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, and U.S. Attorney for the Northern District of Texas Chad E. Meacham, Dr. Ortiz was arrested and charged via criminal complaint with tampering with a consumer product causing death and intentional drug adulteration.

According the criminal complaint, on June 21, 2022, a 55-year-old female coworker of Dr. Ortiz, experienced a medical emergency and died immediately after treating herself for dehydration using an IV bag of saline taken from a Baylor Scott & White operated surgical center. An autopsy report revealed that she died from a lethal dose of bupivacaine, a nerve blocking agent that is rarely abused but is often used during the administration of anesthesia.

Two months later, on August 24, 2022, an 18-year-old male patient experienced a cardiac emergency during a routine sinus surgery. The teen was intubated and transferred to a local ICU. Chemical analysis of the fluid from a saline bag used during his surgery revealed the presence of bupivacaine, epinephrine (a stimulant), and lidocaine, drugs that could have caused the patient’s sudden symptoms.

According to the complaint, surgical center personnel concluded that the incidents involving both patients suggested a pattern of intentional adulteration of IV bags used at the surgical center.

The surgical center personnel also identified 10 additional unexpected cardiac emergencies that occurred during otherwise unremarkable surgeries between May and August 2022, which the criminal complaint alleges is an exceptionally high rate of complications over such a short period of time. According to the criminal complaint, medical personnel in each of those additional 10 cases only were able to stabilize the patient through use of emergency measures. Most of the incidents occurred during longer surgeries that used more than one IV bag, including one or more bags retrieved mid-surgery from a stainless steel bag warmer.

Surveillance video from the center’s operating room hallway allegedly also shows Dr. Ortiz placing IV bags into the stainless-steel bag warmer shortly before other doctors’ patients experienced cardiac emergencies. The complaint alleges that in one instance captured in the surveillance video, agents observed Dr. Ortiz walk quickly from an operating room to the bag warmer, place a single IV bag inside, visually scan the empty hallway, and quickly walk away. Just over an hour later, according to the complaint, a 56-year-old woman suffered a cardiac emergency during a scheduled cosmetic surgery after a bag from the warmer was used during her procedure. The complaint also states that in another instance, agents observed Dr. Ortiz exit his operating room carrying an IV bag concealed in what appeared to be a paper folder, swap the bag with another bag from the warmer, and walk away. Roughly half an hour later, a 54-year-old woman suffered a cardiac emergency during a scheduled cosmetic surgery after a bag from the warmer was used during her procedure.

According to the complaint, none of the cardiac incidents occurred during Dr. Ortiz’s surgeries, and that the series of emergencies began just two days after Dr. Oritz was notified of a disciplinary inquiry stemming from an incident during which he allegedly “deviated from the standard of care” during an anesthesia procedure when a patient experienced a medical emergency. The complaint alleges that all of the incidents occurred around the time Dr. Ortiz performed services at the facility, and no incidents occurred while Dr. Ortiz was on vacation.

The complaint further alleges that Dr. Ortiz, who had a history of disciplinary actions against him, expressed concern to other physicians over the disciplinary action at the facility and complained the center was trying to “crucify” him. A nurse who worked on one of Dr. Ortiz’s surgeries allegedly told law enforcement that Dr. Ortiz refused to use an IV bag she retrieved from the warmer, physically waving the bag off.

“Our complaint alleges this defendant surreptitiously injected heart-stopping drugs into patient IV bags, decimating the Hippocratic oath,” said U.S. Attorney Chad E. Meacham in the Department of Justice announcement of the charges. The criminal charges stemmed from these findings.

The Justice Department announcement reminds readers that a criminal complaint is merely an allegation of criminal conduct, not evidence. Dr. Ortiz is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law. If convicted, however, Dr. Ortiz faces a maximum penalty of life in prison.

Both Dr. Ortiz and the surgical facility are exposed to potential liability as a result of the alleged charges. Aside from the pending criminal charges, Dr. Ortiz also almost certainly could face potential peer review and licensing board disciplinary investigation, as well as civil lawsuits.

In addition to these liability exposures for Dr. Ortiz, the surgical facility and other providers also could face civil or potentially even criminal liability.

It seems almost inevitable that the facility and potentially some other providers might be drawn into civil lawsuits brought by affected patients and their families allegedly injured or place at risk by the alleged actions by Dr. Ortiz, as well as licensing and/or accreditation investigation arising from the alleged events.

Because Dr. Ortez’s alleged Actions constitute federal felonies, the Federal Sentencing Guidelines sentencing and organizational liability rules apply. The Sentencing Guidelines will apply to determine the sentence imposed if Dr. Ortez ultimately is convicted. In addition, the Sentencing Guidelines organizational liability provisions also raise a risk of criminal charges against the facility or other parties with knowledge or other imputed responsibility. Under the organizational guidelines, organizations can have imputedliability for the criminal acts committed by the members of their workforce. However whether criminal charges will be pursued against the organization and the level of culpability and resulting liability is determined based upon both whether the organization took appropriate steps to prevent the misconduct before it happened and the extent to which the organization acted promptly in its investigation and redress of the conduct. The apparent actions of the surgical center and its leader ship to investigate, report, and cooperate in the investigation with federal officials are likely to mitigate if not resolve their criminal exposure.

Organizations and their leaders should treat the charges against Dr. Ortiz as a reminder, at minimum carefully to credential and monitor team members including doctors or other non-employer actors working in or with their facilities, to establish appropriate safeguards to prevent and identify quickly mistakes or intentional conduct, to monitor and enforce those safeguards, and to take appropriate prompt action to investigate concerns and redress and if necessary report misconduct with the advice of counsel.

When dealing with position performance and discipline concerns, facilities typically must carefully negotiate applicable contractual and workforce issues as well as the procedural and due process requirements of applicable medical staff bylaws and federal and state peer review and discipline statutes and regulations and medical staff discipline rules.

When a medical staff member protected by peer review or other procedural safeguards commits behaviors that raise a material and continuing threat to the health and safety of patients or the public, summary suspension may be necessary. When considering or taking an action to summarily suspend a healthcare provider, however, facilities and their medical staff leaders should document both the grounds for the patient safety concerns and need for immediate action and scrupulously follow the summary suspension procedures.

Along with seeking to prevent and mitigate these legal risks, Facilities and other providers also need to consider white reporting obligations they may bear under applicable statutes, regulations and contracts.

While managing these legal risks, facilities and other involved parties also need to anticipate media and public concern about the occurrences. Facilities and their leaders should anticipate and be prepared to work in conjunction with qualified legal counsel and experienced qualified public relations experts to decide when, what, and how to communicate with the public in the media about these types of events to avoid is there a bold minefield of traps created by privacy laws, evidentiary and other legal risk management concerns, and the management of relationships with other members of the medical staff and workforce, business partners, insurance, and the public.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and managed care industry legal, public policy and operational concerns.

Ms. Stamer’s work throughout her 35 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. In the course of this work, she has worked extensively on workforce and medical staff credentialing, management, investigation, peer review and discipline, and reporting and remediation of criminal or other activity to regulatory officials.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Leave a Comment » | Academic medicine, Ambulatory care, Anethesiology, Conditions of Participation, Corporate Compliance, Credentialing, Doctor, Employer, Employment law, FDA, Federal Sentencing Guidelines, Fiduciary Responsibility, Health Care, Health Care Provider, Health Care Quality, Home Health, home health, Hospice, Hospital, hospitals, nursing home, OIG, Physician, Physician Licensing, physician licensure, Prescription Drugs, quality repoting, retaliation, Skilled Nursing Facility, Whistleblower | Tagged: ortiz | Permalink
Posted by Cynthia Marcotte Stamer

Protect Remote Desktop Protocols From Malware Threat

July 1, 2022

As Americans prepare to celebrate the July 4th holiday, CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are warning of a cyber threat for Remote Desktop users. Health care, health plan, healthcare clearing houses, their business associates and other security sensitive organizations using remote access technology should perform and document their risk assessment and any corrective actions taken as part of their continuing Health Insurance Portability and Accountability Act (“HIPAA”), Fair and Accurate Credit Transactioms Act (FACTA”), government contracting, securities law, and other data security compliance.

The joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, published July 1 alerts of the risk of MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks.

CISA, FBI, Treasury and FinCEN are encouraging network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

Prioritize remediating known exploited vulnerabilities.
Train users to recognize and report phishing attempts.
Enable and enforce multifactor authentication.

When assessing Remote Desktop protocol risks, covered entities, business associates and other security concerned organizations also should examine their exposures to other vulnerabilities.

A key resource for monitoring some of these vulnerabilities is the CISA Known Exploited Vulnerabilities Catalog, which lists exposures based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk federal enterprises. CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

The Department of Health & Human Services Office of Civil Rights (‘“OCR”) guidance and enforcement makes clear covered entities and business associates must monitor and take appropriate actions to update their security in response to emerging cyber security threats.

Along with monitoring and responding to this and other security threats, covered entities also should add reviewing and updating their HI-AA practices in response to new guidance OCR issued this week in response to the Supreme Court Dobbs vs. Jackson Women’s Health Organization abortion ruling. The HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care guidance generally addresses when the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule restricts or allows individuals’ private medical information (known as “protected health information” or “PHI”) relating to abortion and other sexual and reproductive health care. For more details, see here.

Beyond HIPAA, malware and other data or system security breaches and susceptibilities can create liability risks under tax, securities, government contracting, FACTA and a wide range of federal and state laws. For instance, with cybersecurity threats and compliance concerns growing, the SEC is prioritizing cybersecurity regulation, investigation and enforcement against public companies and other market participants for lack cybersecurity governance, safeguards or disclosures. See e.g., SEC Office of Compliance Inspections and Examinations Cybersecurity and Resiliency Observations. Along announcing its commitment to hold market involved and impacting regulated entities accountable for failing to maintain and enforce appropriate internal and external controls to prevent, detect and redress cybersecurity threats, including appropriate board governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, training and awareness, investor disclosures and other practices.

Healthcare providers and other covered entities, their business associates and others with data security responsibilities or sensitivities should respond promptly and carefully document their risk analysis and response in response to these emerging concerns.