A federal judge in Illinois on Friday threw out lawsuit alleging UChicago Medicine violated HIPAA when it shared patient data with Google.
UChicago Medicine agreed to share de-identified patient records with Google in 2017 to explore whether electronic health information could be used with machine learning to reduce readmissions and predict future medical events. A former University of Chicago Medical Center patient—Matt Dinerstein—sued Google, UChicago Medicine, and the University of Chicago last year, claiming they violated his privacy rights when the hospital shared time stamps for service dates, medical notes and other possibly identifiable information with the tech giant. He asked the court to grant the suit class action status.
U.S. District Judge Rebecca Pallmeyer in Illinois said Dinerstein proved that Google, UChicago Medicine and the University of Chicago broke their contract with him. But Illinois law doesn't allow him to collect for non-economic damages like anxiety or emotional distress that result from breach of contract.
"Mr. Dinerstein has neither developed nor supported a separate argument that the common law or his contract created a legal interest in his data," Pallmeyer wrote.
Pallmeyer added that while the tech giant and hospital violated their contract with him, Dinerstein hadn't shown that his medical records had any commercial value to him or that the company or university had done anything to reduce their value.
"None of his theories for money damages is adequate," she wrote.
Experts say HIPAA regulations are outdated and should be updated to meet the healthcare delivery system's changing needs and address new privacy concerns. Many privacy experts think Congress should create a general data privacy law to protect healthcare and healthcare-related information further.