Judge Dismisses Privacy Lawsuit Against University of Chicago

Written by

A federal judge has dismissed a lawsuit filed against the University of Chicago, UChicago Medicine and Google over an alleged privacy and HIPAA breach.

The potential class-action suit was filed in June last year over a data-sharing partnership between Google and the University of Chicago Medicine. 

In 2017, Google received the anonymized data of University of Chicago Medicine patients for research purposes. The data was sent by University of Chicago Medicine under an initiative to improve predictive analysis of hospitalizations and subsequently raise the level of patient care.

Under the partnership, the tech giant used machine learning techniques to analyze the patient data in the hope of detecting when a patient’s health is deteriorating. The idea was to find out if and how a timely intervention might prevent the need for hospitalization.

Data sent by the University of Chicago Medicine to Google belonged to hundreds of thousands of people who were patients of the healthcare provider between 2009 and 2016. Although de-identified, the data contained time stamps of dates of service and notes made by physicians.

Edelson PC filed the lawsuit on behalf of lead plaintiff Matt Dinerstein, a patient of UC Medical Center who stayed at the hospital twice in 2015.

The suit alleged that Dinerstein’s confidential protected health information had been shared with Google without first being appropriately de-identified. The suit claimed that the alleged data breach had come to light after the publication of a 2018 research study that confirmed notes and time stamps had not been removed from the data before it was sent to Google.

In the suit, Dinerstein sought a royalty for the use of his protected health information by Google. The plaintiff claimed his medical records were of value to himself and had been stolen. 

Federal judge Rebecca Pallmeyer of the United States District Court Northern District of Illinois Eastern Division dismissed the suit on September 4. Pallmeyer ruled that royalties are only appropriate when a property right has been interfered with, and Dinerstein had failed to establish that he had property rights to his own personal health information.

What’s hot on Infosecurity Magazine?