The Associated Press reports on a lawsuit concerning patient privacy in Minnesota:
Attorney General Lori Swanson sued a debt collection agency that works with two Minnesota hospitals on Thursday, saying it failed to keep health care records for tens of thousands of patients confidential and did not tell patients just how much it was involved in their health care.
The lawsuit against Accretive Health Inc., a Chicago-based company that works with hospitals to maximize revenue, comes after an Accretive employee had a laptop stolen in July that contained the data of 23,500 patients of Fairview Health Services and North Memorial Health Care.
As authorities were investigating, they discovered Accretive had access to patient data through contracts with the hospitals, and used that data to assess patients’ “frailty” or risk of becoming hospitalized. Swanson said the agency shared its activities with investors on Wall Street “without the knowledge or consent of patients who have the right to know how their information is being used and to have it kept confidential.” […]
The lawsuit claims Accretive violated state and federal health privacy laws, and state debt collection and consumer protection laws. It seeks an order that would require Accretive to tell patients what information it has on them, what information it lost, where it sent the information, and why it has the information in the first place.
It also seeks an injunction that would restrict how Accretive treats and uses patient data in the future. […]
Larry Taylor, chief executive of North Memorial Health Care, said the lawsuit is between the state and Accretive, and that information about North Memorial patients did not contain information such as Social Security numbers, credit card numbers, or home addresses. […]
After the laptop was stolen, a patient requested information about the data, which was unencrypted. According to a “screen shot” sent to the patient, the laptop contained identifying information such as the patient’s name, address, birthdate and Social Security number. It also included a checklist noting whether a patient has 22 different chronic medical conditions, ranging from HIV to seizure disorders.
The screen shot included numeric scores to predict the complexity of a patient’s needs and the probability of hospitalization.
“A mental health disorder … can subject patients to stigma. A physical disorder can disqualify people for jobs. HIV status can subject people to discrimination,” Swanson said. “Simply put, medical confidentiality is one of the most sacred rights, and if medical information isn’t privileged and confidential, people are going to be reluctant to seek treatment.”