Oral argument in Providence medical record data theft case
Tuesday, April 7th, 2009
For those following the Providence Health System medical record data theft case, this is a summary of oral argument at the Oregon Court of Appeals last Friday. The three-judge panel, Judges Haselton, Armstrong, and Rosenblum, were completely engaged and extremely well prepared.
There are several major legal issues. The first is whether Oregon law recognizes that patients may recover for emotional distress when a medical provider wrongfully fails to protect confidential patient information. Oregon has been pretty conservative in its approach to emotional distress damages. The Court of Appeals’ earlier cases have generally required either physical injury or a very short list of exceptions.
While I would love to see a change in the Court’s framework, it’s not necessary to resolve this case. The law recognizes what are called “special relationships,” and that includes the relationship between patients and their medical providers. So the gist of the argument was that in a special relationship case like this one, patients can recover non-economic damages when medical providers wrongfully fail to keep patient records confidential.
Sounds kind of like a no-brainer, I suppose, but the Court was definitely grappling with how the lines are to be drawn. These gray areas are perhaps more complicated for the Court because they have to decide this case but also think ahead to the implications of the ruling.
The other big legal issue arose under the Unlawful Trade Practices Act claim. The Court seemed to have no trouble understanding that patients who spent money to protect themselves suffered a recognizable loss for purposes of the Unlawful Trade Practices Act.
I have to say that the patients’ legal team felt like oral argument went well. But it’s important to not read too much into that. I’ve won cases where I felt good about oral argument and lost them, too. So it’s not necessarily the best predictor. My best guess is that we’ll hear from the Court with a decision before the end of the year.
When that day comes, it will not be the end. Instead, it will simply be another day in this long fight.
David Sugerman
Providence data theft brief on appeal
Monday, February 16th, 2009
Catching up–because we are way behind–here’s the first of two overdue document updates. This link appellants-reply-brief-and-reply-excerpt-of-recort pulls up a copy of the patients’ reply brief in the Oregon Court of Appeals in the proposed class action against Providence for loss of medical records.
Here’s a link to the entry that will pull up the patients’ opening brief, as well.
David Sugerman
VA Data Theft Case Settles
Wednesday, January 28th, 2009
News today is that the U.S. Veterans’ Administration has agreed to settle a data theft class action case for $20 million. The case is of interest in Oregon because it provides something of a mirror for the Providence medical record data loss theft case pending here in Oregon.
Full disclosure: I represent patients whose data went missing in the Providence case.
The Veterans’ case settlement is particularly interesting in two ways. First, it includes compensation for emotional distress claims, where Providence refuses to include that in Oregon. Second, the laptop that went missing was recovered, and according to reports, the government believed that no one accessed the data. In the Providence theft, the data has never been recovered.
As for the Providence case, it’s been fully briefed, and we’re awaiting an argument date in the Oregon Court of Appeals.
David Sugerman
Providence Agrees to $100,000 Fine for Portland Data Loss
Monday, July 21st, 2008
This one slipped under my radar. Only the heads up from a colleague alerted me that Providence healthcare system has agreed to a fine for HIPAA violations arising out of the data loss of 2005.
FYI, along with several other lawyers, I represent patients whose unencrypted computerized data was lost when a car burglar stole data from a parked car. The case for money damages is currently pending in the Oregon Court of Appeals. We filed our opening brief on behalf of the patients, and Providence is due to file its response shortly. After they file their response, we’ll have one more brief, and the Court of Appeals will hear oral argument. I doubt very seriously that we’ll get a decision before 2009.
As for the HIPAA fine, $100,000 seems like a lot on its face, except when you realize that hundreds of thousands of patients were affected by the data loss. Providence has now settled with both the State of Oregon and the U.S. government. Even so, they are still fighting damage claims brought by patients who seek compensation for their harms and losses.
In the life of the case on behalf of the patients, this is a non-event. We will continue forward.
David Sugerman
Update: Providence Data Loss Case
Monday, May 19th, 2008
Back in late 2005, a car prowler stole unencrypted computerized medical records of 365,000 Providence Health System patients from an employee’s car. We filed a case here in Portland on behalf of the 365,000 patients, and the trial judge granted Providence’s motion to dismiss the claim. We appealed and recently filed our opening brief with the Oregon Court of Appeals.
I co-authored the brief with my friend and colleague, Brian Campf. Here is a pdf version:
Providence Class Action: Patients’ Opening Brief Oregon Court of Appeals
Appeals move at their own pace. I don’t expect a decision from the Court of Appeals until 2009.
David Sugerman
Oregon Ethics Rule–Transparent government vs. right to privacy
Wednesday, April 16th, 2008
Interesting brouhaha reportedly brewing over new ethics rules taking effect. It seems that the Oregon legislature voted to apply long-standing ethics disclosure rules to local government officials, and some are walking away angry, or at least questioning the wisdom.
I haven’t reviewed the ethics rules first hand, but according to news reports, they require disclosures of government officials’ sources of income (but not amounts), business ownership interests, adult family relatives, and property owned within the jurisdiction. The theory behind the disclosure requirements is that we who are mere citizens would like to know that the multi-million dollar consulting contract or controversial zoning change isn’t quietly benefiting your family or your pocketbook.
Some are objecting to what they see as an invasion of privacy. I have to say that in this era of the internet, computer data, and domestic spying, I have grown more concerned about privacy concerns. But even so, I don’t think these disclosures are problematic for a couple of reasons.
The whole government office thing is a privilege and not an entitlement. For those who are unhappy with the disclosures, the right choice is to pull a Johnny Paycheck (I’m dating myself–country and western anthem, with the famous chorus, “Take this job and shove it. I ain’t workin’ here no more.”) or to not seek office. The disclosures here provide a means for ordinary citizens to monitor government officials’ decisions. Transparency provides for clean government, and for that reason, it seems to me that this is the right thing.
David Sugerman
Another Mass Loss of Computerized Patient Records
Monday, March 24th, 2008
This sounds familiar. In today’s news, a laptop stolen from the National Institutes of Health contained unencrypted medical records on 2,500 patients. By way of full disclosure, I represent Portland-area patients in a case against the Providence medical system for a similar data loss.
I can’t help but be amazed that any medical information is stored without encryption. How can that not be the standard of care?
Adding insult to injury, the institution delayed reporting to patients, giving two very different reasons for the delay. First, the NIH spokesman explained that they didn’t want to cause undue patient alarm. And second, the agency concluded patients weren’t “at immediate risk.”
Okay, I’m totally jaundiced here. But doesn’t that statement–the lack of “immediate risk”–really mean, “They weren’t my medical records”?
After the Providence case, it should really be this simple: encrypt the records.
David Sugerman