CHICAGO — The University of Chicago has asked to be dismissed from a class action lawsuit accusing Google and the university's hospital of improperly sharing patient data, as the hospital asserted the plaintiffs haven't been able to demonstrate how the hospital harmed anyone.
On June 26, attorneys from the firm of Edelson P.C. filed a complaint in Chicago federal court on behalf of named plaintiff Matt Dinerstein alleging the University of Chicago Medical Center violated federal privacy law by sharing patient health records with Google, which the internet giant allegedly used to create its own electronic health record management system.
In a motion filed Nov. 7, the university asked Judge Rebecca Pallmeyer to dimiss Dinerstein’s amended complaint, saying it didn’t adequately cure the deficiencies identified in his initial filing.
In his original complaint, Dinerstein said Google and UC falsely claimed the records didn’t contain individual patient information because they “included detailed date stamps and copious free-text notes,” and using detailed geolocation information “Google — as one of the most prolific data mining companies — is uniquely able to determine the identity of almost every medical record the University released.”
However, UC said, Dinerstein never alleged Google actually identified him or anyone else through the hospital’s data.
“He claims Google has the ability to do so but admits that Google contractually agreed not to even try to identify anyone as a condition of receiving the data,” according to the motion, which added a “fear that Google might breach its contractual obligations by identifying him is no basis for a lawsuit. His other scattered theories — e.g., he has been deprived of the ‘value’ of his records, — have been rejected by courts across the country as insufficient.”
Further, UC said Dinerstein’s contract claims fall short for failure to allege an actual breach, his claims under the Consumer Fraud and Deceptive Business Practices Act lack particularity and both claims lacked allegations of specific damages.
The university noted said several courts rejected similar cases based on Dinerstein’s argument he overpaid for his health care because of the alleged privacy violations, noting his complaint lacks a suggestion “he bargained for or paid a specific sum for data privacy,” and further that he couldn’t have done so because he and all other patients “were expressly told that the University might use their data for research and that they would not be compensated even if the end result of the research was commercially valuable.”
Several courts have rejected the notion that personal information has its own cash value, UC said, undercutting his ability to allege financial damage. He likewise failed to argue the arrangement between Google and the hospital made his personal data less valuable. Alleging the university gained something from its deal with Google doesn’t directly imply patients lost anything of value. UC similarly said Dinerstein’s emotional distress allegations fall short as they are “bald assertions” that don’t meet federal pleading standards.
The Health Insurance Portability and Accountability Act, the Notice of Privacy Practices and the authorization form university patients sign “expressly permit the research that occurred here,” UC argued, adding Dinerstein alleged “no facts to suggest the University tacitly agreed to do anything other than to provide medical care and satisfy requirements already imposed by law.”
The university also said allegations concerning the Medical Patients Right Act fail as that law provides no right of private action, and further it only applies to actual medical research, which doesn’t fall under the scope of Dinerstein’s allegations.
Ultimately, UC argued Dinerstein’s complaint should be dismissed with prejudice.
Representing the university in the matter is the Chicago firm of Kirkland & Ellis LLP.