Provider Consolidation Is Driving Litigation In Healthcare Data Breach Lawsuits

Jill McKeon, reporting in TechTarget, writes that understanding what drives healthcare data breach lawsuits can help organizations prepare, and consolidation is one big factor driving litigation.

Consolidation has fundamental data security implications. Two merging entities integrate critical systems, and a breach of those systems affects more people. If a class action is filed, the result is a bigger class.

McKeon quotes Matthew Green, deputy chair of  Obermayer’s litigation department: “Years ago, there were a lot more mom-and-pop providers, and they have joined forces, and now you have these huge conglomerates, you have private equity and massive amounts of consolidation, resulting in a smaller number of entities holding a larger amount of people’s information. And that is just going to make the issue explode.”

Healthcare companies planning acquisitions need to conduct thorough risk assessments, especially of the target’s data protection practices. Establish a list of bottom-line practices that will ensure that both organizations reach a certain standard of security.

Settlements have become the typical result of healthcare data breach lawsuits. According to Green, whether there was a breach of duty often isn’t definitively resolved in settlements. If it is resolved, it will be case-specific.

Healthcare companies are likely to continue to face class action lawsuits and allegations of negligence over their handling of data breaches. Considering the effort and money required to litigate those cases, settlements are a reasonable resolution.