The following is a press release issued by meridianEMR. Although it is mostly about alleged theft of trade secrets/software, it also includes allegations of risk to patient privacy:
meridianEMR®, the Livingston, New Jersey-based market leader in Electronic Health Records (EHR) for Urology, formally announces that on June 16, 2011 it filed a lawsuit against Intuitive Medical Software® (UroChart®), based in Springfield, Missouri. meridianEMR filed its suit in the U.S. District Court of New Jersey. The lawsuit contends that the defendants, including UroChart, obtained “access to meridianEMR’s data” and placed “patients in meridianEMR’s system at risk” and that the defendants, including UroChart, “have and have had unlawful access to patient information in violation of patient privacy rights.” In fact, meridianEMR’s complaint alleged that UroChart’s conduct was “willful and intentional with malice” and in violation of New Jersey’s Computer Related Offenses Act, among other claims.
The issue came to light when meridianEMR’s Advanced Monitoring System instantly detected certain copying activities on a practice’s meridianEMR server. This system is one part of the security measures that meridianEMR provides to help protect patient data. meridianEMR responded immediately by contacting the practice. Further investigation resulted in the lawsuit, currently underway, in which the court on June 16, 2011 entered a Temporary Restraining Order against UroChart.
[…]
The press release does not name the other defendant in the lawsuit, The Shappley Clinic. Yet according to court filings, meridianEMR alleges that its client’s “conduct of providing access to patient data to UroChart” puts millions of patients whose confidential data are stored on meridian’s servers at risk of privacy violation. The clinic did not respond to a request for a statement or comment on the lawsuit by the time of publication.
I’ve uploaded the plaintiff’s complaint and brief in the lawsuit as well as the declaration with the server logs introduced that allegedly demonstrate evidence of the clinic’s and UroChart’s misconduct.