United States District Court, W.D. Arkansas, Fort Smith Division
OPINION AND ORDER
HOLMES, III U.S. DISTRICT JUDGE
motions are pending before the Court. Defendant Arkansas
Foundation for Medical Care, Inc. (“AFMC”) filed
a motion (Doc. 26) to dismiss or order an adverse inference
for intentional and bad faith spoliation of evidence and a
brief (Doc. 27) in support. Plaintiffs Brian Herzig and Neal
Martin filed a response (Doc. 30) and brief (Doc. 31) in
opposition. AFMC filed a reply (Doc. 38) with leave of Court.
The Court held a hearing (Doc. 41) on this motion on February
7, 2019. AFMC also filed a motion (Doc. 33) for summary
judgment and a statement of facts (Doc. 34) and brief (Doc.
35) in support. Herzig and Martin filed a response (Doc. 43),
statement of facts (Doc. 44), and brief (Doc. 45) in
opposition. AFMC filed a reply (Doc. 48). A motion to deem
facts admitted on procedural grounds was terminated by the
Court, which explained that it will consider the argument to
deem facts admitted on the motion for summary judgment.
reasons stated herein, the spoliation motion will be granted
in part and denied in part and the motion for summary
judgment will be granted.
viewing the record in the light most favorable to the
nonmoving party and granting all reasonable factual
inferences in the nonmovant's favor, a motion for summary
judgment must be granted “if the movant shows that
there is no genuine dispute as to any material fact and the
movant is entitled to summary judgment as a matter of
law.” Fed.R.Civ.P. 56(a); Haggenmiller v. ABM
Parking Serv., Inc., 837 F.3d 879, 884 (8th Cir. 2016).
Facts are material when they can “affect the outcome of
the suit under the governing law.” Anderson v.
Liberty Lobby, Inc., 477 U.S. 242, 248 (1986). Disputes
are genuine when “the evidence is such that a
reasonable jury could return a verdict for the nonmoving
party.” Id. “While the burden of
demonstrating the absence of any genuine issue of material
fact rests on the movant, a nonmovant may not rest upon mere
denials or allegations, but must instead set forth specific
facts sufficient to raise a genuine issue for trial.”
Haggenmiller, 837 F.3d at 884 (quotations omitted).
A party must support its assertions or disputes of material
fact by citing to the record, and failure to do so may result
in the Court deeming facts admitted or disputed. Fed.R.Civ.P.
56(c), (e); W.D. Ark. R. 56.1.
perhaps from perjury, no act serves to threaten the integrity
of the judicial process more than the spoliation of
evidence.” United Med. Supply Co., Inc. v. United
States, 77 Fed.Cl. 257, 258 (Fed. Cl. 2007). A court has
inherent authority to fashion appropriate sanctions for
conduct which abuses the judicial process. Stevenson v.
Union Pac. R. Co., 354 F.3d 739, 745 (8th Cir. 2004).
“A spoliation-of-evidence sanction requires ‘a
finding of intentional destruction indicating a desire to
suppress the truth.'” Greyhound Lines, Inc. v.
Wade, 485 F.3d 1032, 1035 (8th Cir. 2007) (quoting
Stevenson, 354 F.3d at 746). If the movant shows the
spoliation was done in bad faith, the Court may give an
adverse inference or dismiss the case. Menz v. New
Holland N. Am., Inc., 440 F.3d 1002, 1006 (8th Cir.
and Martin's responsive statement of facts (Doc. 44) does
not cite to evidence in the record to support the disputes it
identifies with AFMC's statement of facts (Doc. 34).
Herzig and Martin fail to show their disputes are genuine.
Furthermore, most of the identified disputes concern facts
immaterial to the resolution of Herzig and Martin's age
discrimination claims. The material facts in AFMC's
statement of facts are deemed admitted, though the Court will
continue to draw factual inferences in Herzig and
Martin's favor and will consider their legal disputes
with AFMC's interpretation of the material facts.
provides medical necessity review services related to
Medicaid under contract with the State of Arkansas. AFMC
receives, uses, and transfers protected health information
and must observe privacy and security requirements imposed by
the Health Insurance Portability and Accountability Act
(“HIPAA”). Among those requirements are that AFMC
must limit access to protected health information to the
minimum personnel necessary to perform AFMC's contractual
obligations, AFMC must log electronic access to protected
health information for audit purposes, and AFMC must
implement appropriate disciplinary actions against
individuals who violate HIPAA.
Brian Herzig began working at AMFC in 2005 as a Software
Applications Developer and eventually was promoted to
Director of Information Technology in 2009. In that position,
he was responsible for development, production, and
maintenance of AFMC's IT systems and for ensuring
employee compliance with data confidentiality and security
policies. Herzig reported directly to Nathan Ray, AFMC's
Chief Technology Officer.
Neal Martin began working at AFMC in 2010 as Manager of
Programming and eventually was promoted to Assistant Director
of Information Technology in October, 2016. In that position,
he was responsible for application development projects and
implementation of programs and applications. Martin's
position as Assistant Director was newly-established when he
was promoted, and Martin reported directly to Herzig.
2016, AFMC designed and developed in-house medical necessity
review software called “ReviewPoint.” ReviewPoint
was intended to integrate servers hosting protected health
information through a software platform called
“Laserfiche” with customized and default features
of a software platform called “Salesforce.”
AFMC's Business Intelligence Department in Little Rock
was in charge of AFMC's implementation and use of
Salesforce. AFMC's IT Department in Fort Smith was in
charge of the ReviewPoint project. Because AFMC's IT
Department had the only employees with computer program
development knowledge and responsibilities, the IT Department
was responsible for the Laserfiche Integration Program, which
would allow Salesforce to access the Laserfiche-based
protected health information in a way that complied with
AFMC's HIPAA obligations to limit and log personnel
access to that information. Mark Gossman was the lead
programmer responsible for writing the computer code for the
Laserfiche Integration Program and was directly supervised by
meetings attended by Herzig, Martin, Chief Technology Officer
Ray, AFMC Manager of Security D.J. Blaylock, and AFMC General
Counsel and HIPAA Privacy Officer Breck Hopkins, the need to
meet HIPAA security and logging requirements was emphasized,
and Herzig, Martin, and Blaylock agreed that necessary
security and logging protections either could be developed or
were already in place. Prior to AFMC's deployment of
ReviewPoint on January 13, 2017, Blaylock submitted a
security report and Martin assured AFMC leadership that the
Laserfiche Integration Program was effective at secure,
HIPAA-compliant retrieval of Laserfiche-based protected
March 7, 2017, employees in the Business Intelligence
Department learned of an exploit that they believed would
allow a ReviewPoint user to bypass ReviewPoint security and
gain unauthorized access to protected health information by
changing the document number displayed in the URL on
ReviewPoint. The employees contacted HIPAA Privacy Officer
Hopkins and demonstrated the exploit. Hopkins reported the
exploit to Chief Technology Officer Ray and to AFMC Chief
Operating Officer Marilyn Little. Thereafter, AFMC disabled
the Laserfiche Integration Program, preventing ReviewPoint
users from uploading medical records. This in turn prevented
AFMC personnel from using ReviewPoint to conduct medical
necessity reviews pursuant to AFMC's Arkansas Medicaid
contract. Hopkins then reviewed the logs for Laserfiche to
determine if anyone had actually used the exploit to
unnecessarily access protected health information in
violation of HIPAA. During that review, Hopkins learned of a
second potential problem-Laserfiche was not logging access by
users who actually accessed protected health information.
Instead, after a user entered his or her credentials into