Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Herzig v. Arkansas Foundation for Medical Care, Inc.

United States District Court, W.D. Arkansas, Fort Smith Division

July 3, 2019




         Two motions are pending before the Court. Defendant Arkansas Foundation for Medical Care, Inc. (“AFMC”) filed a motion (Doc. 26) to dismiss or order an adverse inference for intentional and bad faith spoliation of evidence and a brief (Doc. 27) in support. Plaintiffs Brian Herzig and Neal Martin filed a response (Doc. 30) and brief (Doc. 31) in opposition. AFMC filed a reply (Doc. 38) with leave of Court. The Court held a hearing (Doc. 41) on this motion on February 7, 2019. AFMC also filed a motion (Doc. 33) for summary judgment and a statement of facts (Doc. 34) and brief (Doc. 35) in support. Herzig and Martin filed a response (Doc. 43), statement of facts (Doc. 44), and brief (Doc. 45) in opposition. AFMC filed a reply (Doc. 48). A motion to deem facts admitted on procedural grounds was terminated by the Court, which explained that it will consider the argument to deem facts admitted on the motion for summary judgment.

         For the reasons stated herein, the spoliation motion will be granted in part and denied in part and the motion for summary judgment will be granted.

         I. Standard

         After viewing the record in the light most favorable to the nonmoving party and granting all reasonable factual inferences in the nonmovant's favor, a motion for summary judgment must be granted “if the movant shows that there is no genuine dispute as to any material fact and the movant is entitled to summary judgment as a matter of law.” Fed.R.Civ.P. 56(a); Haggenmiller v. ABM Parking Serv., Inc., 837 F.3d 879, 884 (8th Cir. 2016). Facts are material when they can “affect the outcome of the suit under the governing law.” Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986). Disputes are genuine when “the evidence is such that a reasonable jury could return a verdict for the nonmoving party.” Id. “While the burden of demonstrating the absence of any genuine issue of material fact rests on the movant, a nonmovant may not rest upon mere denials or allegations, but must instead set forth specific facts sufficient to raise a genuine issue for trial.” Haggenmiller, 837 F.3d at 884 (quotations omitted). A party must support its assertions or disputes of material fact by citing to the record, and failure to do so may result in the Court deeming facts admitted or disputed. Fed.R.Civ.P. 56(c), (e); W.D. Ark. R. 56.1.

         “Aside perhaps from perjury, no act serves to threaten the integrity of the judicial process more than the spoliation of evidence.” United Med. Supply Co., Inc. v. United States, 77 Fed.Cl. 257, 258 (Fed. Cl. 2007). A court has inherent authority to fashion appropriate sanctions for conduct which abuses the judicial process. Stevenson v. Union Pac. R. Co., 354 F.3d 739, 745 (8th Cir. 2004). “A spoliation-of-evidence sanction requires ‘a finding of intentional destruction indicating a desire to suppress the truth.'” Greyhound Lines, Inc. v. Wade, 485 F.3d 1032, 1035 (8th Cir. 2007) (quoting Stevenson, 354 F.3d at 746). If the movant shows the spoliation was done in bad faith, the Court may give an adverse inference or dismiss the case. Menz v. New Holland N. Am., Inc., 440 F.3d 1002, 1006 (8th Cir. 2006).

         II. Facts

         Herzig and Martin's responsive statement of facts (Doc. 44) does not cite to evidence in the record to support the disputes it identifies with AFMC's statement of facts (Doc. 34). Herzig and Martin fail to show their disputes are genuine. Furthermore, most of the identified disputes concern facts immaterial to the resolution of Herzig and Martin's age discrimination claims. The material facts in AFMC's statement of facts are deemed admitted, though the Court will continue to draw factual inferences in Herzig and Martin's favor and will consider their legal disputes with AFMC's interpretation of the material facts.

         AFMC provides medical necessity review services related to Medicaid under contract with the State of Arkansas. AFMC receives, uses, and transfers protected health information and must observe privacy and security requirements imposed by the Health Insurance Portability and Accountability Act (“HIPAA”). Among those requirements are that AFMC must limit access to protected health information to the minimum personnel necessary to perform AFMC's contractual obligations, AFMC must log electronic access to protected health information for audit purposes, and AFMC must implement appropriate disciplinary actions against individuals who violate HIPAA.

         Plaintiff Brian Herzig began working at AMFC in 2005 as a Software Applications Developer and eventually was promoted to Director of Information Technology in 2009. In that position, he was responsible for development, production, and maintenance of AFMC's IT systems and for ensuring employee compliance with data confidentiality and security policies. Herzig reported directly to Nathan Ray, AFMC's Chief Technology Officer.

         Plaintiff Neal Martin began working at AFMC in 2010 as Manager of Programming and eventually was promoted to Assistant Director of Information Technology in October, 2016. In that position, he was responsible for application development projects and implementation of programs and applications. Martin's position as Assistant Director was newly-established when he was promoted, and Martin reported directly to Herzig.

         In 2016, AFMC designed and developed in-house medical necessity review software called “ReviewPoint.” ReviewPoint was intended to integrate servers hosting protected health information through a software platform called “Laserfiche” with customized and default features of a software platform called “Salesforce.” AFMC's Business Intelligence Department in Little Rock was in charge of AFMC's implementation and use of Salesforce. AFMC's IT Department in Fort Smith was in charge of the ReviewPoint project. Because AFMC's IT Department had the only employees with computer program development knowledge and responsibilities, the IT Department was responsible for the Laserfiche Integration Program, which would allow Salesforce to access the Laserfiche-based protected health information in a way that complied with AFMC's HIPAA obligations to limit and log personnel access to that information. Mark Gossman was the lead programmer responsible for writing the computer code for the Laserfiche Integration Program and was directly supervised by Martin.

         At meetings attended by Herzig, Martin, Chief Technology Officer Ray, AFMC Manager of Security D.J. Blaylock, and AFMC General Counsel and HIPAA Privacy Officer Breck Hopkins, the need to meet HIPAA security and logging requirements was emphasized, and Herzig, Martin, and Blaylock agreed that necessary security and logging protections either could be developed or were already in place. Prior to AFMC's deployment of ReviewPoint on January 13, 2017, Blaylock submitted a security report and Martin assured AFMC leadership that the Laserfiche Integration Program was effective at secure, HIPAA-compliant retrieval of Laserfiche-based protected health information.

         On March 7, 2017, employees in the Business Intelligence Department learned of an exploit that they believed would allow a ReviewPoint user to bypass ReviewPoint security and gain unauthorized access to protected health information by changing the document number displayed in the URL on ReviewPoint. The employees contacted HIPAA Privacy Officer Hopkins and demonstrated the exploit. Hopkins reported the exploit to Chief Technology Officer Ray and to AFMC Chief Operating Officer Marilyn Little. Thereafter, AFMC disabled the Laserfiche Integration Program, preventing ReviewPoint users from uploading medical records. This in turn prevented AFMC personnel from using ReviewPoint to conduct medical necessity reviews pursuant to AFMC's Arkansas Medicaid contract. Hopkins then reviewed the logs for Laserfiche to determine if anyone had actually used the exploit to unnecessarily access protected health information in violation of HIPAA. During that review, Hopkins learned of a second potential problem-Laserfiche was not logging access by users who actually accessed protected health information. Instead, after a user entered his or her credentials into ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.