Lawsuits Filed for Alleged HIPAA and HITECH Act Violations
Two lawsuits have been filed against healthcare organizations over alleged HIPAA and HITECH Act violations.
60 Hospitals Named in Lawsuit Alleging HITECH Act Violations
A recently unsealed complaint, filed in a U.S. District Court in Indiana in 2016, seeks more than $1 billion in damages from 60 hospitals that received HITECH Act meaningful use incentive payments for transitioning to electronic health records, yet failed to meet the requirements of the HITECH Act with respect to providing patients, and their legal representatives, with copies of health records promptly on request.
In order to receive incentive payments, one of the requirements was for hospitals to attest that for at least 50% of patients, they were able to provide copies of medical records within 3 business days of requests being submitted. When copies of health records are requested, the HITECH Act only permits healthcare organizations to charge for labor costs for supplying copies of records.
Michael Misch and Bradley Colborn, attorneys with Anderson, Agostino & Keller, P.C., of South Bend Indiana, investigated hospitals after growing frustrated with the delay in obtaining copies of health records at their clients’ request, and over the amounts being charged for copies of health records.
The aim of the investigation was to streamline requests, reduce the time taken to obtain copies of health records, and reduce the cost of accessing those records. However, the investigation revealed that many hospitals were failing to meet the requirements of the HITECH Act, even though they had received incentive payments for compliance.
In the complaint, it is alleged that 60 hospitals received payments of $324.4 million in HITECH Act grant funding, yet failed to meet the requirements of the HITECH Act when it came to providing copies of health records of patients. The lawsuit also alleges the hospitals violated the Anti-Kickback Statute and the False Claims Act; falsely claiming compliance with HITECH Act to gain access to public funding.
Patient Sues BJC Health System Over Barnes-Jewish Hospital Breach
A patient whose protected health information was exposed as a result of a security breach at Barnes-Jewish Hospital in St. Louis, MO, has filed a complaint in the St. Louis Circuit Court against the hospital operator, BJC Health System.
Megan L. Rosemann claims BJC Health System allowed unauthorized individuals to gain access to the protected health information of patients and failed to adequately protect patient data. She alleges BJC Health System was negligent and breached its fiduciary duty.
Rosemann claims the exposure of her information places her at an increased risk of identity theft, abuse, and exploitation. The lawsuit names Rosemann as the plaintiff, along with other individuals affected by the breach. Rosemann is seeking a class certification and trial by jury. A jury trial has been scheduled for May 14, 2018.
BJC Healthcare reported the unauthorized accessing of an email account to the Department of Health and Human Services’ Office for Civil Rights on February 26, 2016. The breach impacted 2,393 patients. The case is still marked as under investigation by OCR.