recommended reading

Nurse files privacy suit against IT sections in stimulus spending law

A New Hampshire nurse filed a lawsuit late last month against the Health and Human Services Department, claiming the health information technology sections of the 2009 stimulus bill violate her privacy protections in federal and state laws, including the Health Insurance Portability and Accountability Act and the Hippocratic oath.

Beatrice Heghmann, a nurse in Durham, N.H., alleged in the lawsuit that because the health IT sections of the 2009 American Recovery and Investment Act mandate every health care provider in the nation create an electronic health record for all patients, the law puts her personal health information "a mouse-click away from being accessible to an intruder."

In the complaint, filed in the U.S. District Court for the Southern District of New York, Heghmann asked for a preliminary and permanent injunction against the health IT sections of the stimulus bill to prevent "unconstitutional exposure of her personal health information."

The suit named Kathleen Sebelius, HHS secretary; Nancy-Ann DeParle, director of the White House Office of Health Reform; and Charlene Frizzera, acting administrator of the Centers for Medicare and Medicaid Services, as defendants. She also asserted the stimulus bill gives the HHS secretary wide latitude to determine the kind of "minimum necessary information" that can be extracted from a patients health care record and provided to third parties.

An HHS spokeswoman did not return a call for comment on the lawsuit.

The lawsuit highlights one of the key problems with the health IT sections of the stimulus bill, said Twila Brase, president of the Citizens' Council on Health Care, a nonprofit group in St. Paul, Minn., that advocates confidentiality of patient-doctor relationships. The law "facilitates creation and sharing of electronic medical records without consent," she said. Allowing the HHS secretary to set minimum standards for sharing health information "puts privacy in the hands of a political appointee," rather than a doctor, Brase added.

The stimulus law also takes away states' rights to enact tougher privacy protections than those contained in the federal statute. In an interview, Robert Heghmann, the lawyer who filed the suit and Beatrice's husband, said New Hampshire's privacy law has stricter provisions on the sharing of health care information than federal law.

Asked if the lawsuit had a slim chance of a judge ruling in favor of it, Robert Heghmann said, "This is not a long shot," and said they would prevail.

But the suit is "hyperbolic and a bit over the top," said Karl Thallner Jr., a partner at Reed Smith LLP law firm in Pittsburgh, who specializes in health care litigation.

Dr. Deborah Peel, founder of Patient Privacy Rights, a medical privacy watchdog group in an Austin, Texas, predicted more lawsuits against the health IT section of the stimulus bill would follow the Heghmann case. "Lawsuits over privacy rights will continue to be filed because Americans expect to control their electronic health information, just as they have always controlled their paper health records," she said.

Peel added that patient rights are reflected in state laws covering privacy protection, as well as common law, tort and contract law, the physician-patient privilege, the psychotherapist-patient privilege, and constitutional rights to health privacy. Congress must ensure consumer control over electronic health information, she added.

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.