Minn. AG alleges debt collector didn't protect confidentiality
SAINT PAUL, Minn. (Legal Newsline) - Minnesota Attorney General Lori Swanson filed a lawsuit on Thursday against the debt collection agency Accretive Health Inc. for allegedly failing to protect patient health care confidentiality.
Accretive Health, which is part of a New York private equity fund conglomerate, also allegedly failed to disclose to patients its extensive involvement in their health care due to its role in managing the health care delivery systems and revenue at two Minnesota hospital systems.
Accretive allegedly lost a laptop computer that contained the unencrypted health data of approximately 23,500 patients in Minnesota in July. Swanson's lawsuit alleges that Accretive gained access to patient data that was sensitive through contracts with the hospitals and used a numerical score to determine patients' risk of hospitalization and medical complexity. The lawsuit also alleges that the company graded patients' "frailty," compiled per-patient loss and profit reports and identified patients that were deemed "outliers."
"The debt collector found a way to essentially monetize portions of the revenue and health care delivery systems of some nonprofit hospitals for Wall Street investors, without the knowledge or consent of patients who have the right to know how their information is being used and to have it kept confidential," Swanson said.
"Accretive showcases its activities to Wall Street investors but hides them from Minnesota patients. Hospital patients should have at least the same amount of information about Accretive's extensive role in their health care that Wall Street investors do."
On July 25, an employee with Accretive allegedly left an unencrypted laptop that contained sensitive information on 23,500 Minnesota patients of two Minnesota hospital systems, North Memorial Health Care and Fairview Health Services, in a rental car. The laptop was subsequently stolen.
The lawsuit includes a screen shot that Fairview allegedly sent to a Minnesota patient who requested to know the patient's data that was on the laptop. The screen shot allegedly included personal identity information, such as the patient's Social Security number, name, address and date of birth. It also allegedly included a checklist to show whether the patient has 22 different chronic medical conditions and, if so, what the current condition of the patient was.
Accretive allegedly gained access to data about patients through two types of contracts with hospitals. The first was through revenue cycle operations contracts with North Memorial and Fairview and the second was a Quality and Total Cost of Care contract with Fairview. Under the contracts, Accretive allegedly directed and controlled the work of hospital employees and infused its own employees into the hospital staffs. Accretive allegedly received base compensation and incentive pay for aiding the hospitals in boosting revenue or cutting costs.
Accretive allegedly told Wall Street investors that its revenue cycle operations contract starts "when a patient registers for future service or arrives at a hospital or clinic for an unscheduled visit" and ceases when "the hospital has collected all the appropriate revenue from all possible sources."
Under the terms of these contracts, Accretive allegedly controlled the revenue functions of the hospitals, including patient access, billing and collections. The company has allegedly reported to Wall Street investors that it carries out these functions using algorithms related to data mining, consumer behavior modeling and propensity to pay.