Major Shift in Scope of Litigation in Norton Healthcare v. Univ. of Louisville

Some major demands appear to be dropped… at least for now.

I made the pilgrimage to Frankfort this afternoon. A lot has happened since my last dip into the legal documents of this case. There were thousands of pages to review but at 25 cents per copy, I had to fall back on taking photographs of the most recent 1600 pages. There was a court hearing only yesterday! A summary of that session is attached. It looks like the otherwise short hearing was interrupted by some off-the-record discussion between the parties. The index to the video of the court proceedings attributes to Judge Wingate that “what remains in this case is the issue of the amount of the reimbursement that needs to be paid from Norton. This should be able to be taken care of through mediation.” Additionally, “The hearing on the 18th is not needed. The parties should continue in the discovery process.” Continue reading

Next Round in Norton Healthcare v. UofL.

Only Superficially About Cooperation with UK?both-logos-150

The lawsuit stemming from UofL’s claim that Norton had violated its land-lease agreement with the Commonwealth, and the initiation of a process by the University to wrest physical ownership of Kosair Children’s Hospital from Norton is on the docket for Franklin County Circuit Court on March 18. Norton is asking for a judicial determination that its non-binding Letter of Intent (LOI) to cooperate more closely with the University of Kentucky over children’s health does not violate is ground lease with the Commonwealth or any other agreement with UofL. Because the Commonwealth actually holds the lease, the Finance and Administration Cabinet intervened as a defendant on the side of UofL. Continue reading

Family and Medical Leave Act Provisions Extended to All Same-Sex Married Couples.

Regardless of what the U.S. Supreme Court decides in resolving the lower court differences over whether individuals of the same sex can marry in all states, the tidal wave of change in both public opinion and law sweeping over the country only gets higher. The U.S. Supreme Court recently found in U.S. v. Windsor that gay and lesbian couples that were legally married could not be denied the ability to file their federal income taxes jointly from other states, even those which refused to recognize that marriage. To do so for federal tax purposes was found to be a denial of equal protection under the law and therefore unconstitutional. Since marriage status is relevant to a multitude of other civil matters, it is not surprising that other regulations or laws might be revised. So it came to pass last week when the U.S. Department of Labor (DOL) published its final rule on eligibility to take advantage of the Family and Medical Leave Act (FMLA). The rule goes into effect March 27, 2015.  A Fact Sheet and Frequently Asked Questions are available on the DOL website. Continue reading

Former UofL Vice-President Files Whistleblower Complaint Against UofL.

circuit-courtThere is no longer any doubt in my mind that the unscheduled executive session tacked on at the end of the February University of Louisville Board meeting was called to deal with the matters of the firing of Vice President for Human Relations Sam Connally and the allegations he brought to the attention of the Board members. As reported earlier today by Insider Louisville, the Courier Journal, and the Kentucky Center for Investigative Reporting, Mr. Connally filed a not-unexpected lawsuit yesterday against the Board of Trustees as agents of the University. A quick trip downtown yielded a copy of the complaint. It makes for interesting reading and provides more detail than a previous letter by Connally to the Courier Journal published elsewhere and which found its way to the UofL Trustees before their meeting.

Somewhere in this article I need to make the appropriate comment that any such complaint tells only one side of the story– a fact readily acknowledged by Mr. Connally. However, in this case, we have a pretty good idea what the University will say in the form of the investigation prepared on its behalf by its outside attorney. I read that report and also the 100 pages of supporting documents.  It covers the same basic set of events as Connally’s complaint with a different spin indeed. There are obviously matters of fact and interpretation to be worked through. Win or lose, in my opinion and based on documents I have seen, UofL is not going to come out of this looking very good. Continue reading

History of Major Breaches of Healthcare Privacy.

Yesterday I wrote about the major breach of privacy of protected personal medical information involving the major health insurer, Anthem, by an as yet unknown hacker. As many as 80 million individual patients were put at risk.  I expressed my opinion that such breaches are to be expected in our current healthcare world. Subsequently, in coverage of the matter by Modern Healthcare, it was noted that the largest previous breach resulting from hacking was a 2014 episode at Community Health Systems of Tennessee. That cyber-attack — involving a mere 4.5 million records — is thought to have originated in China.

Being a curious sort, I extracted all the HHS reports of breaches involving more than 100,000 records. It can be viewed here. There have been 40 instances of such breaches  reported to the Office of Civil Rights in HHS, 10 of these greater than a million. A total of 33.6 individuals were exposed. In these breaches, the covered entity compromised was a Business Associate in 19, Healthcare Provider in 14, and a Health Plan in 7.

While physical theft of records in one form or another remains a common type of major breach, it is clear that the ability to penetrate network servers by theft, hacking or by unauthorized access provides the best high-yield approach for data-thieves. It is also clear that business associates of healthcare providers and plans are a weak link. Why am I not surprized?

Inspection of the names of the covered entities reveals a wide range of entities including: health plans, medical centers, state & federal government agencies, contractors & consultants, and drug stores.

It should be noted that the fact that a breach occurred did not necessarily mean that the data was misused— a thief may have just wanted the laptop! However, potential misuse is always a possibility. Recall that only breaches involving more than 500 individuals appears on this government list, and that the number of breaches of any size not reported or recognized is completely unknown.

Peter Hasselbacher, MD
Feb 17, 2015

Breach of Personal Healthcare Information at Anthem.

Healthcare data unchained!

We often hear the aphorism, “Anything put on the internet, stays on the internet.” I suggest a corollary, “Anything put on a computer can be retrieved by a determined inquisitor.” So it is even for the most intimate of personally identifiable information – healthcare records. Given massive nationwide efforts to digitize our healthcare encounters, and given the frequency with which those digits are shared among insurers, contractors, researchers, public health officials, health information exchanges, pharmaceutical companies, healthcare providers, and the host of other interested parties who claim a legitimate interest, it is inevitable that data will go astray and be misused – illegally or inappropriately! It is said of computer hard-drives that one does not ask if a failure will occur, but when. I maintain that the same dictum holds true of personal health information. If computer-wielding crooks can steal from banks (which we assume use the highest degree of on-line and network protection), how impregnable is the healthcare industry? Apparently not so much.

Big data-hack at Anthem.
Earlier this month, health-insurer behemoth Anthem announced that the personal healthcare and credit card information of as many as 80 million of its customers may have been compromised. A secondary wave of attacks is already occurring as scammers send email warnings pretending to be from Anthem or credit-protection companies seeking to extract even more personal information from frightened Anthem customers. The Anthem breach strikes close to home. At last week’s UofL board of Trustees meeting, it was announced that some 5700 UofL employees might be on the Anthem list. I may be one of them. Not a good feeling. I feel violated enough when my personal healthcare information is being used to target me with marketing propaganda cloaked as important medical information. Having the same information in the hands of bona fide crooks gives me the willies. Continue reading

UofL Firing of Vice President Sam Connally. Will The Truth Emerge?

Felner Redux?

Last December I wrote a follow-up story about the firing of UofL Vice President for Human Resources, Sam Connally, allegedly over his complaint of misconduct against Provost Shirley Willihnganz. These related to manipulation of the state Request For Proposal (RFP) purchasing process seeking a new health-plan manager for the University’s self-funded employee heath insurance benefit with a goal of obtaining a possible additional multi-million dollar gift from Humana, and also inappropriate Equal Employment Opportunity Commission filings. The University hired an outside attorney to investigate who determined that there was no merit to Mr. Connally’s claims.

In my mind, when you hire a lawyer, the expectation is that the best argument in favor of your position will result. A truly independent investigation would be paid for by someone else. I was reminded of UofL President Ramsey’s default response when confronted by numerous accusations of misconduct against former School of Education Dean Robert Felner by characterizing them as “anonymous c**p.” (Dr. Feller subsequently went to jail.) In my first article, I asked for a truly independent outside audit perhaps by State Auditor Edelen, and also asked the Board of Trustees to do their duty. On the basis of the investigation and the recommendation of University administration, the Board approved the firing of Connally. Continue reading

Building A New VA Hospital— What Would Robley Rex Think?

robley-rexThe lengthy and tortuous planning process to build a replacement Robley Rex Veterans Administration hospital came into public view again these last three weeks. On January 15, dual afternoon and evening public hearings were held at the Clifton Center to allow public comment on the site-specific draft environmental assessment of the former farmland. It is my understanding that these were expected to be the last public hearings to held for the relocation project.

I estimate that some 60 people attended each session, but I could not completely differentiate program development and VA staff members from the public. There were probably some, like me, that attended both hearings. An initial (and certainly futile) request was made to keep the session on topic— to focus comments on the draft environmental assessment. Although some general questions might be answered, it was made clear that the intent was not to fully answer questions so much as to collect them for incorporation into the final environmental assessment.

Each session was begun with a welcome and introduction of the new VA director, Martin J. Traxler, and a presentation from planning staff member Mary Peters summarizing the environmental assessment. That presentation, the full environmental assessment report, and its summary are available from the Louisville VA website. The large bulk of environmental questions and comments related to concerns about traffic and disruptions during the multiyear construction process itself. Continue reading