What Happens When A Relator Steals Patient Data?

A federal district court in Ohio recently grappled with an issue that arises frequently in healthcare qui tam cases: what happens when a relator steals confidential health information to file an FCA action? The relator in Cabotage v. Ohio Hospital for Psychiatry, No. 11-cv-50 (S.D. Ohio), a nurse, suspected that the hospital’s Medical Director was engaged in fraudulent activity. Cabotage gathered evidence, including the Medical Director’s patient notes and other patient-identifying information, and provided it to an agent for HHS. After HHS declined to pursue a claim against the facility for misconduct, Cabotage filed a qui tam. When the defendant hospital learned that Cabotage had taken confidential patient information, it filed a motion to compel the return of the information pursuant to HIPAA.

The Court concluded that it lacked authority under HIPAA to order the return of the purloined information, and that only the Secretary of HHS could act to enforce that statute. However, exercising its “inherent authority,” the Court entered an order precluding the relator from utilizing in the lawsuit any of the documents she removed from the hospital in connection with her investigation. The Court did not preclude relator from seeking the documents through the discovery process in the qui tam.

A copy of the court’s opinion can be found here.