DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Accretive moves to dismiss AG's law suit

Posted on April 30, 2012 by Dissent

John O’Brien recaps the Accretive Health news reported on this blog last week (here, here, and here):

 A New York City law firm has followed up on Minnesota Attorney General Lori Swanson’s lawsuit against Accretive Health, filing a securities class action suit against the company.

In January, Swanson filed a suit against Accretive, a Chicago company that engages in medical debt collection, for allegedly failing to protect patient health care confidentiality. Last week, the firm Bernstein Liebhard initiated a shareholder suit that alleges the company and some of its executives failed to disclose they were violating health privacy laws.

Accretive’s stock plunged 42 percent last week after Swanson released a report on her investigation. It says the company may have violated state and federal laws by asking patients to pay their bills as they sought care.

But Accretive is fighting back and issued a press release today:

Accretive Health, Inc. today filed a motion to dismiss the Minnesota Attorney General’s Complaint in federal district court in Minnesota. The motion denies the Attorney General’s claims and requests that the Court dismiss the complaint, in its entirety, with prejudice. As stated in the motion, the Company believes “…the Attorney General’s First Amended Complaint includes allegations that are factually baseless and legally indefensible. What is worse is that rather than litigate this case in the courtroom, the Attorney General orchestrated a nationwide media campaign against Accretive Health.”

The motion includes the following grounds for dismissing the case:

1) The core of this case involves the criminal theft of a password-protected laptop. Under the federal Health Insurance Portability and Accountability Act (HIPAA) and the Minnesota Health Records Act, a company cannot be held liable for the unforeseeable criminal act of a third party stealing a corporate laptop. Further, in the ten months since the laptop was stolen, there is no evidence (and the Attorney General does not even claim) that any patient data has been compromised. As a result, in the absence of any injury, the Attorney General lacks legal standing to pursue claims under HIPAA and the Minnesota Health Records Act as a matter of law.

2) On February 3, 2012, Accretive Health entered into a Consent Order with the Minnesota Department of Commerce to address its debt collection practices in Minnesota. Accretive Health continues to work cooperatively with the Department of Commerce. Under fundamental principles of law, the Attorney General is barred from pursuing the identical claims already addressed by a fellow state official.

3) The Attorney General’s consumer fraud claims are baseless in fact and law. In particular, it is undisputed that information about Accretive Health’s Quality and Total Cost of Care (“QTCC”) services at Fairview Health System, aimed at developing strategies to reduce emergency room admissions and in-patient stays for the sickest five percent of patients, were widely disseminated to the public in securities filings and media accounts, defeating any fraud claim.

As with all litigation, no assurance can be provided as to the outcome of the matters discussed herein.

[…]

Interesting that they say, “Under the federal Health Insurance Portability and Accountability Act (HIPAA) and the Minnesota Health Records Act, a company cannot be held liable for the unforeseeable criminal act of a third party stealing a corporate laptop.” I would argue that theft of an unencrypted laptop from an unattended vehicle actually is a foreseeable act given how many reports of laptop thefts from cars have been reported in the media over the years.

We’ll see what the court says.

Category: Health Data

Post navigation

← ICANN to notify domain applicants of data breaches
Vol State: Personal information found vulnerable for 14,000 students, faculty →

2 thoughts on “Accretive moves to dismiss AG's law suit”

  1. Anonymous says:
    May 6, 2012 at 5:37 pm

    Accretive states it was an”password-protected laptop.” Is Accretive claiming that password protection means HIPAA compliant?

    Or is that statement to be attributed to ignorant legal representation or poor press release prose?

    1. Anonymous says:
      May 6, 2012 at 9:38 pm

      I doubt they are suggesting that password protection is sufficient. I think they’re focusing on the damages aspects of state attorney general provisions, but the statute says “threats” to residents, which a stolen unencrypted laptop does pose, in my opinion. And there are statutory damages that can be awarded. I don’t MN law, but I think the state AG can sue them under HIPAA.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.