State AG Sues Medical Collection Agency Over Privacy Issues
Minnesota Attorney General Lori Swanson announced Thursday that her office has filed a lawsuit against a debt collection agency that alleges the firm failed to protect the confidentiality of patient health care records.
In addition to the patient privacy complaints, Swanson levied some extraordinary allegations about the company’s business practices and its relationship with healthcare provider clients.
“The debt collector found a way to essentially monetize portions of the revenue and health care delivery systems of some nonprofit hospitals for Wall Street investors, without the knowledge or consent of patients who have the right to know how their information is being used and to have it kept confidential,” said Attorney General Swanson. “Accretive showcases its activities to Wall Street investors but hides them from Minnesota patients. Hospital patients should have at least the same amount of information about Accretive’s extensive role in their health care that Wall Street investors do.”
Swanson’s press release claims that on July 25, 2011, an employee of collection agency Accretive Health, Inc. left an unencrypted laptop containing sensitive information on 23,500 Minnesota patients of two Minnesota hospital systems — Fairview Health Services and North Memorial Health Care — in a rental car after 10 p.m. in the parking area of the Seven Corners bar and restaurant district of Minneapolis. The laptop was stolen.
Swanson’s lawsuit includes a “screen shot” that Fairview sent to a Minnesota patient who requested to know the data about the patient that was on the laptop. The screen shot has personal identity information, such as the patient’s name, address, date of birth, and Social Security number. It also includes a checklist to denote whether the patient has 22 different chronic medical conditions and, if so, the condition of the patient. The screen shot also includes numeric scores to predict the “complexity” of the patient and the probability of an inpatient hospitalization, and a box to describe the “frailty” of the patient.
The lawsuit, filed in United States District Court in Minnesota, alleges that Accretive violated state and federal health privacy laws, state debt collection laws (although no specific examples are given), and state consumer protection laws. It seeks an order requiring Accretive to fully disclose to patients: (1) what information it has about Minnesota patients; (2) what information it has lost about Minnesota patients; (3) where and to whom it has sent information about Minnesota patients; (4) the purposes for which it amasses and uses information about Minnesota patients.
Swanson also went to great lengths in the announcement to explain the corporate structure of Accretive and its investors, and ties to former ARM companies. But the attorney general made no allegations about wrongdoing in relation to the business structure.
Many Debt Collectors violate numerous laws, especially the Fair Debt collection Practice Act.
First… check out any state law which requires Debt Collectors to be licensed in that state…the state of their domicile, or your state.
A Tennessee friend of mine received a dunning letter from a California based Debt Collector, claiming to be licensed with “the department of commerce and insurance”…Unfortunately for them…they made two “false and misleading statements” in that one sentence…(1) CALIFORNIA DOESN’T REQUIRE LICENSE
(2) THEY ARE NOT LICENSED AND BONDED IN TENNESSEE !
I suggested to my friend that it “was time to break out the yellow notepad, and start listing all the violations…including the possibility of violating US Code Title 18 Chapter 63 ( Mail Fraud & Swindles). In any event , they are guilty of a CLASS C MISDEMEANOR and possibly “criminal charges”…depending on what mood the Tennessee State Attorney General is in.
The State of Tennessee has held that ” no one can commence or conduct business as a Debt collector in this state, unless they are licensed and bonded in TENNESSEE in accordance with Tenn Law”…now enter The State Attorney General…who has authority to prosecute anyone who violates Civil or Federal Law.
How about it Debt Collectors…if you want to play ball in our state..you gotta play by our rules…otherwise, it will be in your best interest to stay home ! You might wish to check out Tenn Fair Debt Collection Practices Act 62-20-127 and 127(a) as amended…before you get too excited about visiting our state !
If HHS gets involved, this could really hurt the violator AND the industry.
Your quote below…
“Swanson’s lawsuit includes a “screen shot” that Fairview sent to a Minnesota patient who requested to know the data about the patient that was on the laptop. ”
Why did the debt collector send patient info to the same patient? I’m curious how that conversation went.
A problem with this scenario is scumbag companies like Chase Bank could use this info to put the screws on hospital patients, something they appear to have done back in 2009 and 2010 and apparently did not get caught doing.