Accretive Health Responds to LawsuitFiles Motion to Dismiss in Case Tied to Breach
Accretive Health Inc., a Chicago-based medical debt collection agency, has filed a motion to dismiss the Minnesota attorney general's lawsuit against the company that stems, in part, from a data breach incident involving a stolen unencrypted laptop.
See Also: The Global State of Online Digital Trust
Meanwhile, Sen. Al Franken, D-Minn., is launching an investigation into the issues surrounding the Accretive Health case, and Rep. Pete Stark, D-Calif., is calling on federal regulators to crack down on what he portrays as abusive debt collection techniques in healthcare.
Also, a New York law firm has filed a securities class action lawsuit in the case, according to Legal Newsline.
Accretive Health's Reply
In a news release announcing its motion to dismiss, Accretive Health contends that under HIPAA and the Minnesota Health Records Act, "A company cannot be held liable for the unforeseeable criminal act of a third party stealing a corporate laptop. Further, in the 10 months since the laptop was stolen, there is no evidence ... that any patient data has been compromised."
The Accretive breach, however, is included in the official federal tally of major breaches reported under the HIPAA breach notification rule. A majority of breaches reported so far, in fact, have involved the loss or theft of unencrypted devices or media. Incidents involving properly encrypted information, such as the theft of an encrypted laptop, do not have to be reported to federal authorities because the information is not considered to be at risk.
The Accretive release also claims that Attorney General Lori Swanson's consumer fraud claims against the company are baseless. Its website also contains a detailed statement alleging Swanson inaccurately described the company's business practices.
On April 25, Swanson issued a six-volume investigative report on Accretive in connection with the lawsuit, describing "high-pressure" collection tactics.
In January, Swanson had announced a lawsuit against Accretive that cited its collection practices as well as its role in a breach incident affecting about 20,000 patients at two hospitals in the state (see: Breach Tally Surpasses 19 Million). An unencrypted laptop was stolen from the parked rental car of an Accretive employee. It contained healthcare information, as well as some Social Security numbers and other personal data, on patients treated at Fairview Health Services and North Memorial Health Care.
The suit alleges Accretive violated state and federal health privacy laws as well as state debt collection laws and state consumer protection laws.
Franken, chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law, plans to launch an investigation into the issues surrounding Accretive Health, according to a statement on his website. "I am alarmed by the activities of Accretive Health, outlined in Attorney General Swanson's report," Franken says. "If these allegations are true - and I do want to hear all sides of this story - they would be an affront to the health, privacy and dignity of Minnesotans."
In addition, Stark, has called on the Centers of Medicare & Medicaid Services and the Department of Health and Human Services Office of the Inspector General to crack down on abusive debt collection techniques being practiced by contractors inside hospitals.