Court prevents HIE contractor from destroying data

A federal court in Illinois has ruled against a health information exchange contractor that had planned to destroy patient data as it goes out of business, according to Law360.

MCHC-Chicago Hospital Council, a nonprofit that runs the MetroChicago Health Information Exchange, had sued Sandlot Solutions Inc. over plans to destroy all client data within 24 hours of providing a copy to MCHC.

MCHC sued to prevent that, saying it wasn't enough time to verify that the data was usable and not corrupted. Sandlot also had planned to destroy audit trail and node authentication logs, which track things like when a patient's file is accessed. Sandlot had not provided copies of those logs, and MCHC argued that destroying them could prevent it from complying with audit control requirements under HIPAA.

If the data were lost or unusable, MCHC said it would have to start from scratch to rebuild the data stored for the exchange, a process that would be time-consuming, expensive and would permanently damage MCHC's reputation, possibly causing the nonprofit to shut down, the suit stated.

A federal judge agreed that loss of the data would create irreparable harm and ordered the contractor not to destroy the data without court approval. It was ordered to provide the raw data to MCHC as well as a "virtual" copy as soon as possible. The HIE was ordered to bear the cost of hardware, personnel and other expenses necessary to do so, and also to post bond of $25,000.

To learn more:
- read the Law360 story