Healthcare Providers and Their Contractors: What Could Go Wrong?

By Ron Hedges

Healthcare providers often enter into agreements with third party contractors to provide services dealing with electronic information. There are various reasons to do so, such as leveraging the contractor’s expertise. Unfortunately, there may be times when the relationship between a provider and its contractor goes sour. MCHC-Chicago Hospital Council v. Sandlot Solutions, Inc., No. 16-cv-4012 (N.D. Ill.), provides an example with a particular focus on electronic health records (EHR).

The plaintiff is a non-profit that operates the MetroChicago Health Information Exchange (Exchange). The Exchange is a “health care information sharing platform which allows participating hospitals and physicians to securely exchange accurate and up-to-date medical information to improve the speed and accuracy of patient health care.” To function, the Exchange has a database into which the hospitals and physicians insert patient data. The plaintiff contracted with defendant Sandlot Solutions, Inc. (Sandlot), to provide support services related to the database. There is a second defendant, Santa Rosa Consulting, Inc., which had been a party to the contract but which was removed although the plaintiff alleged that it retained control over preservation of the database.

In February 2016, the plaintiff learned that Sandlot would be winding down and ceasing operations on April 8. However, the database was shut down earlier and Sandlot advised the plaintiff that Sandlot would send the plaintiff a copy of the database and then “destroy” it. The plaintiff objected, arguing that the copy might be corrupted and unusable by the Exchange. (There’s more to the allegations, but my summary here is sufficient for this blog’s discussion). On April 5, the plaintiff filed a civil action in the United States District Court for the Northern District of Illinois (in Chicago) and sought, among other things, to restrain the defendants from destroying the database.

The Court issued a temporary restraining order on April 7 that, among other things, barred Sandlot from destroying the database and required that the database be preserved through April 19. The Order was extended to May 4, and a status hearing has been set for May 26, 2016.

What lessons might be drawn from this dispute? First, to the extent possible, healthcare providers should exercise due diligence in their selection of third party contractors. Looking at the limited facts pled in the verified complaint and found in the temporary restraining order, however, whether this plaintiff could have done anything is very unlikely given the unanticipated demise of Sandlot. Second, providers should consider including in agreements with contractors a provision dealing with the “return” of EHR content in an accessible and verifiable form or forms if such a provision is not already there. And, of course, underlying the dispute is the obligations of the parties under HIPAA and the public interest in maintaining the Exchange and the flow of EHR data for the benefit of patients.

**Editor’s note: The views expressed in this column are those of the author alone and should not be interpreted otherwise or as advice.

Ron Hedges, JD, is a former US Magistrate Judge in the District of New Jersey and is currently a writer, lecturer, and consultant on topics related to electronic information.