Sixth Circuit Shuts Down End Run By Plaintiff Using A HIPAA Breach To Claim Violations Of The False Claims Act
Written by: Richard Sheinis, Esq.
The Sixth Circuit Court of Appeals recently upheld a dismissal of a lawsuit in which a plaintiff tried to use the improper accessing of her protected health information (“PHI”) as a basis for a claim under the False Claims Act. In Sheldon v. Kettering Health Network, 2016 U.S. App. LEXIS 4236 (2016), Sheldon had received a letter from Kettering informing her of an improper disclosure of her PHI. Her lawsuit argued that this disclosure was evidence of Kettering’s failure to implement policies and procedures to keep her information safe, as required by HIPAA and HITECH. Sheldon’s lawsuit went on to claim that Kettering falsely certified its compliance with the HITECH requirements in order to receive meaningful use incentive payments. Since the incentive payments were allegedly received based upon a false certification of compliance, Sheldon claimed that Kettering violated the False Claims Act. The Sixth Circuit wisely upheld the dismissal of the lawsuit.
The Court stated that the breach of Sheldon’s PHI did not necessarily mean that Kettering had violated HITECH or HIPAA. The Court stated that the regulations clearly contemplate occasional breaches of PHI, even when all regulations are followed. The regulations do not impose a strict liability standard that requires hospitals to prevent all breaches of PHI. Since breaches can occur even when a hospital complies with all regulations, the fact that a breach occurred did not mean that Kettering falsely represented that it was in compliance with HIPAA and HITECH.
The Court’s decision bodes well for future cases in which plaintiffs attempt to argue that a breach of PHI necessarily means that the medical provider did not comply with HIPAA. Undoubtedly, plaintiffs’ attorneys will try to find other ways to make an end run around HIPAA specifically stating that a violation of the regulations does not provide for a private cause of action.
Leave a comment
You must be logged in to post a comment.