Quantcast

LEGAL NEWSLINE

Tuesday, November 5, 2024

Attorney: Ohio HITECH case a 'misguided attempt' to invoke False Claims Act

CINCINNATI (Legal Newsline) – A now-dismissed whistleblower lawsuit over impermissibly accessed medical records that took an odd view of the HITECH Act wasn't exactly a misuse of the False Claims Act, an Indianapolis attorney says.

"I wouldn’t say it was a misuse of the FCA in the sense of being an abuse of process or a punishable offense," said Norman Tabler Jr. of the Indianapolis law firm Faegre Baker Daniels.

"I'd call it a mistaken and misguided attempt to apply the FCA to a situation that doesn’t involve any false claim."

The lawsuit, Sheldon vs Kettering Health Network, was brought by Vicki Sheldon, represented throughout by Cincinnati attorney Robert F. Croskey. Vicki Sheldon's whistleblower complaint alleged that Kettering Health Network violated the False Claims Act after her husband and his alleged girlfriend accessed her medical records without permission.

At the time, Duane Sheldon was a Kettering Health Network administrator and the woman with whom he allegedly was having an affair also was employed by the hospital system.

That claim, which Tabler said in a blog about the case "is the hands-down favorite to claim this month’s Most Imaginative Whistleblower Claim award," is based on the plaintiff's theory about the Health Information Technology for Economic and Clinical Health Act (HITECH).

The 2009 act provides financial incentives to health care providers for meeting “meaningful use” standards, including security safeguards, in their electronic health record systems, Tabler explained.

Kettering Health Network certified that it met the standards and received the incentive payments.

When Vicki Sheldon's then husband, Duane Sheldon, and his alleged girlfriend accessed Vicki Sheldon's medical records without permission, this proved HITECH's meaningful use standards were not met, according to plaintiff's claims in court records. The plaintiff also concluded that Kettering Health Network's certification must have been false and, therefore, an FCA violation.

Vicki Sheldon produced two letters she received from Kettering Health Network, alerting her that employees accessed her medical records without permission. She alleged that Kettering Health Network refused to provide specific information the breaches.

She also alleged that her daughter and grandson’s medical records likewise had been accessed and that their medical billing information was manipulated.

The plaintiff endured multiple dismissals after filing the qui tam action in federal court April 29 under the FCA, alleging Kettering Health Network falsely certified its compliance with certain HITECH Act provisions.

The U.S. District Court for the Southern District of Ohio dismissed the case, stating in a Jan. 6, 2015, ruling that Vicki Sheldon never claimed Kettering Health Network submitted any false claims to the government. Instead, Vicki Sheldon alleged that her ex-husband and his girlfriend accessed and shared with others her protected electronic health care information.

That decision held that Vicki Sheldon's claim that this isolated privacy breach constituted a HITECH violation was incorrect.

The district court also found Kettering Health Network compliant with HITECH and followed the act's instructions after the Sheldon breach was discovered. The court also was critical that much of Vicki Sheldon's argument was based on secondhand information.

Vicki Sheldon appealed the case to the U.S. Court of Appeals for the Sixth Circuit, which upheld the district court's ruling in an Aug. 14, 2015 decision.

Vicki Sheldon appealed to the Ohio Supreme Court but that court decided Feb. 10 not to accept her appeal for review.

The U.S. Court of Appeals for the Sixth Circuit dismissed the case on March 7.

There was much on the line, Tabler said.

"If she had prevailed, the decision would have stood for the proposition that for a hospital to have certified compliance with HITECH and receive incentive payments, even an occasional breach of security would prove that the certification was false and therefore an FCA violation," Tabler said.

"That carries a triple-damages penalty plus a $5,500-to-$11,000 per claim fine."

ORGANIZATIONS IN THIS STORY

More News