A council of more than 30 Chicago-area hospitals has sued its IT provider over the tech firm’s plan to destroy patient data from its servers, saying the action would severely impair the council’s ability to operate a patient-data sharing exchange.
MCHC-Chicago Hospital Council filed suit in Chicago federal court against Sandlot Solutions, Inc., and Sandlot’s parent company, Santa Rosa Consulting. According to the lawsuit, MCHC learned in late March that Sandlot was going out of business, and would shut down by April 8. Sandlot planned to provide MCHC a copy of its raw client data and then delete the data from its servers.
MCHC operates an information sharing platform that allows participating hospitals and medical facilities to securely exchange up-to-date patient information to allow doctors at a hospital, for example, to access without delay the latest medical records of a patient who may have been taken taken to an emergency room following an accident. Sandlot is a third-party IT provider that hosted the medical data on its servers. According to the lawsuit, Sandlot’s plan would delete about 2 million patient records collected over a period of years, before MCHC had a chance to review the raw data and confirm it was not corrupted.
“MCHC has spent almost seven years … building its credibility and reputation in the marketplace and among its participants,” the suit stated. “Losing the Client Data, which is the heart of the MetroChicago [Health Information Exchange], would destroy the confidence the marketplace and participants have in the MetroChicago HIE and completely ruin MCHC’s hard-earned reputation.”
The lawsuit said MCHC was made aware that Sandlot was “winding down” its operations about March 28. A day later, the lawsuit alleged, Sandlot shut down the medical information system, an allegation Sandlot has denied.
The lawsuit stated Sandlot planned to delete the data within 24 hours of providing the raw copy, which MCHC says is not enough time to download and properly validate it. The lawsuit, filed April 5, sought a restraining order prohibiting the deletion of the data, which was granted April 8. Sandlot has told media outlets it has already turned over the raw data file.
The suit further claimed the raw data alone isn’t enough – in order for MCHC to validate it, the council must have it in a readable format. The council said it is also missing software, source code and documents that would facilitate the transmission of the data from Sandlot’s servers to a different system.
The suit claimed damage would extend beyond simple loss of data should patient records in the raw file turn out to be corrupted, altered or unreadable, and the original copies are gone. Some of the participating medical facilities would need the data to qualify for federal funds, the MCHC said. Losing the data could also effectively close down the information-sharing system.
The suit also claimed Sandlot’s plan would violate HIPAA, the federal health care privacy law.
“Sandlot and Santa Rosa’s refusal to provide Client Data in a reliable format, and its intention to destroy the Client Data, would violate HIPAA’s mandate that business associates ensure the confidentiality, integrity, and availability of all electronic [protected health information],” the lawsuit stated.
The suit claimed breach of contract for the March 29 shutdown, anticipatory breach of contract for the promised deletion of patient data, replevin to obtain the client data in a readable format, and tortious interference with contract. MCHC asked the court to order Sandlot to turn over the data, issue an injunction preventing its destruction and award damages.
The suit was filed on behalf of MCHC by attorneys Brian Lewis and Ryan McLaughlin of Barnes & Thornburg LLP.
Santa Rosa Consulting is represented in the action by the firm of Reed Smith, of Chicago.
The case is docketed in the U.S. District Court for the Northern District of Illinois as Case No. 16-CV-4012.