DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Attorney General Swanson Sues Accretive Health for Patient Privacy Violations

Posted on January 20, 2012 by Dissent

Minnesota Attorney General Lori Swanson filed a lawsuit yesterday against Accretive Health, Inc., a debt collection agency that is part of a New York private equity fund conglomerate, for failing to protect the confidentiality of patient health care records and not disclosing to patients its extensive involvement in their health care through its role in managing the revenue and health care delivery systems at two Minnesota hospital systems.

Last July, Accretive lost a laptop computer containing unencrypted health data about 23,500 patients in Minnesota.  The lawsuit alleges that Accretive gained access to sensitive patient data through contracts with the hospitals and numerically scored patients’ risk of hospitalization and medical complexity, graded their “frailty,” compiled per-patient profit and loss reports, and identified patients deemed to be “outliers.”

“The debt collector found a way to essentially monetize portions of the revenue and health care delivery systems of some nonprofit hospitals for Wall Street investors, without the knowledge or consent of patients who have the right to know how their information is being used and to have it kept confidential,” said Attorney General Swanson.

Attorney General Swanson added:  “Accretive showcases its activities to Wall Street investors but hides them from Minnesota patients.  Hospital patients should have at least the same amount of information about Accretive’s extensive role in their health care that Wall Street investors do.”

On July 25, 2011, an Accretive employee left an unencrypted laptop containing sensitive information on 23,500 Minnesota patients of two Minnesota hospital systems–Fairview Health Services and North Memorial Health Care–in a rental car after 10 p.m. in the parking area of the Seven Corners bar and restaurant district of Minneapolis.  The laptop was stolen.   The lawsuit includes a “screen shot” that Fairview sent to a Minnesota patient who requested to know the data about the patient that was on the laptop.  The screen shot has personal identity information, such as the patient’s name, address, date of birth, and Social Security number.  It also includes a checklist to denote whether the patient has 22 different chronic medical conditions and, if so, the condition of the patient.  The medical conditions on the “checklist” include three mental health conditions (depression, bipolar disorder and schizophrenia); HIV; lung conditions like asthma; heart disease like high blood pressure and chronic heart failure; neurological diseases like Parkinson’s and seizure disorders; and metabolic disorders like diabetes and hypothyroidism. The screen shot also includes numeric scores to predict the “complexity” of the patient and the probability of an inpatient hospitalization, and a box to describe the “frailty” of the patient.

Accretive gained access to data about patients through two types of contracts with hospitals:  (1) “Revenue cycle operations” contracts with Fairview and North Memorial; and (2) a “Quality and Total Cost of Care” contract with Fairview.  Under both contracts, Accretive controls and directs the work of hospital employees and “infuses” its own employees into the staffs of the hospitals.  Accretive receives base compensation and incentive pay for helping the hospitals boost revenue or cut costs.

Accretive has told Wall Street investors that its revenue cycle operations contract starts “when a patient registers for future service or arrives at a hospital or clinic for an unscheduled visit” and ends when “the hospital has collected all the appropriate revenue from all possible sources.”  Through these contracts, Accretive controls the revenue functions of the hospitals, including front office (patient access), middle office (billing), and back office (collections) functions.  It reports to Wall Street investors that it carries out these functions using “data mining,” “consumer behavior modeling,” and “propensity to pay” algorithms.

The second contract is the Quality and Total Cost of Care (QTCC) contract.  Fairview is the only hospital in the country that has a QTCC contract with Accretive, according to Accretive’s most recent annual report to investors.  As of Accretive’s September 30, 2011 financial statement, over 13 percent of Accretive’s service revenue for the first three quarters of 2011 (which, according to financial figures of Accretive, would be over $75 million) came from Fairview.  According to Accretive, it manages Fairview’s “total cost of care,” including through: development of risk scores on individual patients; automated care plans; case management; medical necessity reviews; pharmacy management; length of stay management; discharge planning; population based management; and analytics and reporting of utilization by patient, per patient profit and loss reports, and identification of patient “outliers.”

Accretive tells investors that, under the QTCC, it engages in:

  • Risk scoring of patients
  • Has an “intense focus” on “reducing avoidable hospital admissions”
  • Identifies the “sickest and most impactable patients” for “proactive management”
  • Identifies “real-time interventions with significant revenue or cost impact”

Under the QTCC contract, Accretive helps Fairview negotiate contracts with HMOs and insurance companies under which Fairview receives incentive pay to cut costs.  Accretive then receives a share of the hospital’s incentive pay.

The lawsuit, filed in United States District Court in Minnesota, alleges that Accretive violated state and federal health privacy laws, state debt collection laws, and state consumer protection laws.  It seeks an order requiring Accretive to fully disclose to patients: (1) what information it has about Minnesota patients; (2) what information it has lost about Minnesota patients; (3) where and to whom it has sent information about Minnesota patients; (4) the purposes for which it amasses and uses information about Minnesota patients.  The lawsuit also asks Accretive to disclose whether it has sent health data about Minnesota patients to its so-called “Shared Services Blended Shore Center of Excellence” in New Delhi, India.  The lawsuit further seeks an injunction that restricts how Accretive treats and uses patient data going forward and to hold Accretive accountable for its violations of state and federal health privacy laws, debt collection laws, and consumer fraud laws.

Accretive is licensed as a debt collection agency in Minnesota.  Last year it raised over $100 million in a public securities offering.  As noted above, Accretive Health is a portfolio company of Accretive, LLC, a Wall Street private equity fund with a controversial history in Minnesota relating to the arbitration and collection of consumer debts.  In 2009 the Minnesota Attorney General’s Office sued the National Arbitration Forum—the nation’s largest consumer credit arbitration company—for telling consumers and courts that it independently and neutrally decided consumer credit cases when, in fact, it was affiliated with a New York private equity fund that owned the major debt collection enterprise that filed cases with the Forum.  That equity fund was Accretive, LLC, and it set up the enterprise in which it simultaneously took control of the nation’s largest debt collection enterprise and became affiliated with the Forum.  In the wake of the lawsuit, the National Arbitration Forum was banned from arbitrating consumer credit disputes, and the debt collector owned by Accretive, LLC shut down.  Accretive, LLC (the master equity fund), however, survived, and Accretive Health is one of its portfolio companies.

Source:  Attorney General Lori Swanson

Category: Health Data

Post navigation

← Follow-up: 8 years for last conspirator in ’09 credit fraud
TX: Personal documents found in trash can →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.