In what may be the nightmare scenario for most health IT leaders, a post-acute care provider has entered into a legal battle with a former vendor over access to its patient data.
In the suit, which was filed in U.S. District Court in Pennsylvania, Post Acute Medical accuses vendor, Meridian Hospital Systems Corp., of refusing to let go of the data after its relationship with PAM ended. Meridian, for its part, has claimed in a separate suit that PAM not only stiffed it financially but also shared access to its code with a rival vendor.
The two parties apparently began working together in 2013. At the time, PAM and Meridian signed a deal under which the provider would use Meridian applications in its 28 Texas rehabilitation hospitals.
Under the terms of the agreement, PAM gave Meridian access to a wide range of data, which included customer and vendor contact lists as well as Protected Health information and electronic PHI on patients in the provider’s network-affiliated hospitals. Meridian’s job was to set up a database to house and aggregate the PAM data.
Eventually, PAM’s leaders decided they would be better off creating their own applications for data management instead of using those provided by Meridian. According to a story appearing In the Pennsylvania Record, the provider considered picking up an equity interest in Meridian and signing a long-term contract with the hospital software firm, but the deal never materialized.
According to PAM’s complaint, when it decided that the relationship wouldn’t work out, Meridian suddenly terminated access to its applications as well as PAM’s own data. It then refused to return the data after multiple requests and continues to access and mine the provider data long after receiving these demands, PAM asserts in the complaint. “[The software firm has] held the data for ransom and repeatedly threatened to destroy it in violation of HIPAA,’ the suit contends.
PAM’s suit alleges that it only gave Meridian access to the data for the duration of the relationship, and had not given the vendor permission to use the data for any reason other than supporting PAM’s operations. The provider claims that Meridian had agreed to return the data at the end of the contract.
Having failed to make this work or otherwise extend its business relationship with PAM, Meridian has attempted to meet its goals through “improper means,” including the filing of the Texas lawsuit, the provider argues.
Meridian, meanwhile, has filed a lawsuit in Texas accusing PAM of having “knowingly misappropriated” proprietary information about its software, then gave a user ID and password to Meridian competitor Key Management Group. In that suit, Meridian is asking for extensive financial damages along with monthly royalty payments of $59,400,