United States ex rel. Sheldon v. Kettering Health Network alleged False Claims Act violations related to a data breach. The U.S. Court of Appeals for the Sixth Circuit has upheld a district court's dismissal of the case, according to a report from McDermott Will & Emery.
Here are five things to know about the lawsuit.
1. The relator, or whistleblower, Vicki Sheldon received two letters informing her that two Kettering employees inappropriately accessed her protected health information. Ms. Sheldon alleged Kettering falsely certified compliance with meaningful use and received incentive payments under the HITECH Act, according to the report.
2. Ms. Sheldon also alleged Kettering did not run reports through its EHR to monitor inappropriate access to PHI on a frequent enough basis.
3. The district court that initially upheld Kettering's motion for dismissal concluded the HITECH Act requires providers to maintain proper security protocols and notify affected parties of any data breaches, not prevent every single possible breach. The court suggested the two letters Ms. Sheldon received were in line with a breach-response policy and actually damaging to her case, according to the report.
4. Additionally, the district court stated neither the HITECH Act nor HIPAA sets forth a specific schedule for running reports to monitor inappropriate access to PHI.
5. The U.S. Court of Appeals for the Sixth Circuit upheld the district court's ruling. Ultimately, the court ruled MU attestation is not rendered false by individual data breaches, according to the report.