January 23, 2012
Lawsuit: Debt collector broke patient privacy laws
MINNEAPOLIS — Attorney General Lori Swanson sued a debt collection agency that works with two Minnesota hospitals on Thursday, saying it failed to keep health care records for tens of thousands of patients confidential and did not tell patients just how much it was involved in their health care.
The lawsuit against Accretive Health Inc., a Chicago-based company that works with hospitals to maximize revenue, comes after an Accretive employee had a laptop stolen in July that contained the data of 23,500 patients of Fairview Health Services and North Memorial Health Care.
As authorities were investigating, they discovered Accretive had access to patient data through contracts with the hospitals, and used that data to assess patients' "frailty" or risk of becoming hospitalized. Swanson said the agency shared its activities with investors on Wall Street "without the knowledge or consent of patients who have the right to know how their information is being used and to have it kept confidential."
Francesca Luthi, spokeswoman for Accretive, said the company will work with the state to resolve the matter.
"We have already enhanced our security procedures to ensure that all patient information is fully protected and secure," Luthi said. "There is no evidence that any data has been improperly accessed."
The lawsuit claims Accretive violated state and federal health privacy laws, and state debt collection and consumer protection laws. It seeks an order that would require Accretive to tell patients what information it has on them, what information it lost, where it sent the information, and why it has the information in the first place.
It also seeks an injunction that would restrict how Accretive treats and uses patient data in the future.
When asked why Accretive has the information about patients, Luthi said the company is reviewing the complaint and she had no additional comment.
Swanson said she will follow up with the hospitals, but no action has been taken against them.
Larry Taylor, chief executive of North Memorial Health Care, said the lawsuit is between the state and Accretive, and that information about North Memorial patients did not contain information such as Social Security numbers, credit card numbers, or home addresses.
Fairview Health Services said it remains committed to "improving patient outcomes, improving the patient experience and lowering the cost of care."
"We are redoubling our efforts to safeguard our patients' health information," Fairview's statement said. "We are also working to ensure that all of our partners and vendors are doing the same."
Swanson said she has spoken with some of the patients whose data was released. All received a notice as required by law last fall, but they might not know their information was rated, she added.
After the laptop was stolen, a patient requested information about the data, which was unencrypted. According to a "screen shot" sent to the patient, the laptop contained identifying information such as the patient's name, address, birthdate and Social Security number. It also included a checklist noting whether a patient has 22 different chronic medical conditions, ranging from HIV to seizure disorders.
The screen shot included numeric scores to predict the complexity of a patient's needs and the probability of hospitalization.
"A mental health disorder ... can subject patients to stigma. A physical disorder can disqualify people for jobs. HIV status can subject people to discrimination," Swanson said. "Simply put, medical confidentiality is one of the most sacred rights, and if medical information isn't privileged and confidential, people are going to be reluctant to seek treatment."
Swanson said Accretive gained access to the data through contracts with the hospitals. Swanson said as part of the contracts, Accretive has staff in hospitals, and largely controls the hospitals' "revenue cycles" — including scheduling, registration and billing.
The attorney general said Accretive tells investors the cycle starts when a patient registers for services or goes to the hospital and ends when the hospital has collected funds from all possible sources. Accretive tells investors it uses techniques such as data mining and "propensity to pay" algorithms.
Accretive receives compensation and incentive pay for helping hospitals boost revenue or cut costs, Swanson said.
The company also has a second contract with Fairview in which it manages the hospital's total cost of care, the lawsuit said. Accretive tells investors that as part of this contract, it scores the risk of patients and tracks profit loss by patient. It also reduces avoidable hospital admissions and identifies the sickest patients for proactive management.
Fairview is the only hospital in the country that has this contract with Accretive, Swanson said. As part of it, Accretive also helps Fairview negotiate contracts with HMOs and insurance companies under which Fairview gets incentive pay to cut costs.
Dr. Deborah Peel, founder of the nonprofit group Patient Privacy Rights in Austin, Texas, called this case "outrageous." She said even when conducting analysis, outside companies should not see identifying information about patients.
And while similar things are happening nationwide, she said Accretive's activity is particularly egregious because the data could have been used to improve care, but was instead used to figure out who is able to pay for care and who isn't.
"These people are all fulfilling what is every American's worst nightmare, which is using health data to discriminate against you and keep people from getting treatment," she said.
The above statements do not represent those of Weston Legal or Michael Weston and they have not been reviewed for accuracy. The statements have been published by a third party and are being linked to by our website only because they contain information relating to debt. Nothing in this article should be construed as legal advice given by Weston Legal or Michael Weston. To view the source of the article, please following the link to the website that published the article. Articles written by Michael W. Weston can be viewed here: To report any problem with this article please email creditcardlawsuit@westonlegal.com
713.623.4242
866-579-6411
