Doe v. The University of Maryland Medical System Corporation

Filing 34

MEMORANDUM AND ORDER Granting 25 Motion to Remand. Signed by Judge Richard D. Bennett on 11/13/2023. (c/m 11/13/2023 bas, Deputy Clerk)

Download PDF
IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND * JANE DOE, on behalf of herself and all others similarly situated , * Plaintiff, * v. * UNIVERSITY OF MARYLAND MEDICAL SYSTEM CORPORATION, * * Defendant. * * CIVIL NO. RDB-23-0690 * * * * * * * * * * * MEMORANDUM ORDER On January 23, 2022, Plaintiff Jane Doe (“Plaintiff” or “Doe”) initiated this putative class-action suit, filing a four-count Complaint against Defendant University of Maryland Medical System Corporation (“Defendant” or “UMMS”) for various claims stemming from Defendant’s alleged violation of its patients’ medical privacy rights in the Circuit Court for Baltimore City. (ECF No. 4.) Specifically, in her First Amended Complaint (ECF No. 6), Plaintiff alleges Interception of Electronic Communications in Violation of the Maryland Wiretap Act, MD. CODE ANN., CTS. & JUD. PROC. § 10-402 (Count I); Breach of Implied in Fact Contract (Count II); Unjust Enrichment (Count III); and Invasion of Privacy— Unreasonable Intrusion upon the Seclusion of Another (Count IV). (Id. at 64, 69, 77, 78.) On March 13, 2023, UMMS removed the action to this Court pursuant to 28 U.S.C. § 1442(a)(1), (ECF No. 1), contending that it was acting under a federal officer authority in furtherance of 1 a federal objective. Specifically, UMMS contends that when it digitized patients’ records it was in furtherance of a federal objective. Pending before this Court is Plaintiff’s Motion to Remand (ECF No. 25). Defendant responded in opposition, (ECF No. 28), and Plaintiff replied. (ECF No. 32.) The parties’ submissions have been reviewed and no hearing is necessary. Loc. R. 105.6 (D. Md. 2023). For the reasons explained below, Plaintiff’s Motion to Remand (ECF No. 25) is GRANTED. Quite simply, voluntary compliance with a federal program does not confer federal officer jurisdiction to this Court. BACKGROUND Plaintiff, who is a patient of Defendant and received treatment at the University of Maryland Medical Center, brought this action against Defendant UMMS in the Circuit Court for Baltimore City on January 23, 2023. (ECF No. 6 at 1, 5; ECF No. 4 at 84.) Plaintiff alleges that, without patients’ consent, Defendant intentionally embedded its websites with data collection tools that intercepted patients’ protected health information and automatically disclosed it to third parties in violation of patients’ rights. (ECF No. 6 ¶ 4.) Plaintiff asserts that UMMS encourages patients, including Jane Doe, to use its websites to obtain healthcare services and designs its home page for patient use by including tools such as “Find A Doctor,” “Health Services,” and “Patient Portal.” (Id. ¶¶ 21–22.) Defendant’s “Patient Portal” enables patients to make appointments, access medical records, view lab results, and exchange communications with healthcare providers. (Id. ¶ 23.) According to Plaintiff, software code, cookies, and tracking pixels on Defendant’s websites secretly collected these communications and other protected healthcare information without patients’ 2 knowledge or consent and disclosed that data to third-party marketing companies, including Facebook and Google. 1 (Id. ¶¶ 25–26, 76.) Plaintiff asserts that such disclosures enabled third-party marketers to directly receive private information, make reasonable inferences about patients’ medical conditions, and produce targeted advertisements based on those inferences. 2 (Id. ¶¶ 33, 39.) Plaintiff alleges that Defendant received the benefit of the targeted advertisements that third parties produced using patients’ protected health information. (Id. ¶ 216.) Plaintiff asserts that Defendant breached its obligations to patients in six ways by using embedded software that disclosed patient information to third parties. Specifically, Plaintiff alleges that Defendant failed to (1) obtain patients’ consent for the disclosure of confidential information; (2) adequately review its programs to ensure their safety; (3) remove or disengage software known to share patients’ private information with third parties; (4) block transmission of patients’ confidential information to third parties; (5) warn Plaintiff and putative class members that Defendant disclosed their information to third parties; and (6) generally protect patients’ confidential health information. (Id. ¶ 34.) Finally, Plaintiff alleges that Defendant violated patients’ reasonable expectation of privacy in their personal health information. (Id. ¶ 194.) Plaintiff alleges that the data collection tools on Defendant’s website included Meta Pixel, Google Analytics, and Google Tag Manager. (ECF No. 6 ¶¶ 33, 60.) 2 Plaintiff alleges that Defendant intercepted and disclosed the following private information to third parties: Plaintiff’s and Class Members’ status as patients; Plaintiff’s and Class Members’ communications with Defendant via its websites; Plaintiff’s and Class Members’ use of Defendant’s patient portal; Plaintiff’s and Class Member’s searches for information regarding specific medical conditions and treatments, their medical providers, and their physical location; Plaintiff’s and Class Member’s IP addresses, names, phone numbers, and Facebook identification. (ECF No. 6 ¶¶ 129, 146.) 1 3 On March 13, 2023, Defendant removed the action to this Court. (ECF No. 1.) Defendant alleges that federal officer jurisdiction attaches because (1) Defendant is a person within the meaning of the federal officer removal statute; (2) Defendant used tracking software to improve patient engagement and access in compliance with federal initiatives centered on Medicare and Medicaid, including the Promoting Interoperability Program 3 and the MeritBased Incentive Payment System (“MIPS”); and (3) Defendant plans to assert colorable federal defenses, including preemption, to Plaintiff’s claims. (Id. ¶ 15.) Defendant also notes that courts have upheld federal officer jurisdiction in class actions against similarly situated healthcare defendants. (Id. ¶ 16.) UMMS alleges that it is a longstanding participant in Medicare and Medicaid incentive programs and forms part of a private sector collective helping the federal government improve healthcare information technology infrastructure. (Id. ¶ 32.) Specifically, Defendant asserts that its use of patient portals and Facebook’s Meta Pixel throughout its website promotes user engagement in furtherance of the federal government’s information technology infrastructure initiative. (Id. ¶ 38.) Defendant argues that this implementation of third-party services on its websites in exchange for federal payments and direction through federal programs is akin to the exchange of services in a government-contractor relationship. (Id. ¶ 34.) Defendant also asserts that it plans to raise colorable federal defenses that any information disclosed was not protected by the Health Insurance Portability and Accountability Act (“HIPAA”), and Plaintiff’s state-law claims are preempted. (Id. ¶ 42.) The Promoting Interoperability Program was formerly titled the Meaningful Use Program. (ECF No. 25 ¶ 18.) 3 4 On April 12, 2023, Plaintiff moved to remand the action to the Baltimore City Circuit Court. (ECF No. 25.) On May 10, 2023, Defendant filed a Response in Opposition to Plaintiff’s Motion to Remand, (ECF No. 28), with Plaintiff replying on June 8, 2023. (ECF No. 31.) This matter is ripe for review, and for the reasons set forth below, Plaintiff’s Motion to Remand (ECF No. 25) is GRANTED. STANDARD OF REVIEW The federal officer removal statute, 28 U.S.C. § 1442(a)(1), authorizes removal of “a civil action or criminal prosecution that is commenced in a State court and that is against or directed to . . . [t]he United States or any agency thereof or any officer (or any person acting under the officer) of the United States or of any agency thereof, in an official or individual capacity, for or relating to any act under color of such office.” 28 U.S.C. § 1442(a)(1). When considering motions to remand, courts must interpret the federal officer removal statute broadly. See Arizona v. Manypenny, 451 U.S. 232, 242 (1981) (citing Willingham v. Morgan, 395 U.S. 402, 407 (1969)). The Supreme Court has held that “the right of removal is absolute for conduct performed under color of federal office, and . . . the policy favoring removal ‘should not be frustrated by a narrow, grudging interpretation of § 1442(a)(1).’” Id. (citations omitted). Accordingly, when a case has been removed pursuant to Section 1442, “the district court may remand it back to state court only if it thereafter discovers a defect in removal procedure or a lack of subject matter jurisdiction in the federal court.” Jamison v. Wiley, 14 F.3d 222, 238–39 (4th Cir. 1994) (citing 28 U.S.C. § 1447(d)). 5 ANALYSIS “The burden of establishing federal jurisdiction is placed on the party seeking removal.” Mulcahey v. Columbia Organic Chems. Co., 29 F.3d 148, 151 (4th Cir. 1994) (citing Wilson v. Republic Iron & Steel Co., 257 U.S. 92, 97 (1921)). To sustain removal under § 1442, a defendant must satisfy three elements. First, the defendant must demonstrate that it is “an officer of the United States or ‘acting under’ a federal officer within the meaning of the statute.” Mayor and City Council of Balt. v. BP P.L.C., 388 F. Supp. 3d 538, 567 (D. Md. 2019) (citing Sawyer v. Foster Wheeler LLC, 860 F.3d 249, 254 (4th Cir. 2017)). Second, the defendant must establish a causal nexus between its challenged conduct and official authority by showing that the conduct occurred “for or relating to” official federal authority. Id. (citing 28 U.S.C. § 1442(a)(1)). Finally, the defendant must also assert “a colorable federal defense.” Id. (citing Sawyer, 395 U.S. at 254). While the court must construe facts alleged in support of the defendant’s colorable federal defense as true, the defendant bears the burden to allege facts sufficient to allow the court to conclude that such a defense is plausible. North Carolina v. Ivory, 906 F.2d 999, 1001 (4th Cir. 1990); Jefferson Cnty. v. Acker, 527 U.S. 423, 432 (1999). Plaintiff asserts that federal officer removal is improper because Defendant fails to show that it was “acting under” federal authority and fails to raise colorable federal defenses.4 (ECF No. 25 at 19.) Specifically, Plaintiff argues that the Promoting Interoperability Program does not delegate authority to hospitals, require hospitals to maintain a public facing website, demand hospitals install software code that tracks and discloses patient information, or offer Because Plaintiff correctly asserts that Defendant has failed to demonstrate it acted under federal authority, this Court need not evaluate whether Defendant has raised colorable federal defenses. 4 6 guidance to hospitals regarding how to achieve patient accessibility. (Id. at 17.) Plaintiff thus asserts that Defendant’s use of tracking software constituted voluntary participation in a federal program rather than activity under federal authority. (Id. at 19, 21.) Plaintiff argues that despite the incentive payments Defendant received, the voluntary nature of the Promoting Interoperability Program demonstrates that the federal government would not have independently undertaken the task of improving the interoperability of Defendant’s websites absent Defendant’s participation in the program. (Id. at 19, 24.) Similarly, Plaintiff argues that Defendant’s compliance with regulations is not alone sufficient to demonstrate that Defendant acted under federal authority. (Id. at 26–27.) UMMS responds that it properly asserted federal officer jurisdiction because it “acted under” the federal Health Information Technology for Economic and Clinical Health (“HITECH”) Act and the Office of the National Coordinator for Health Information Technology (“ONC”). 5 (ECF No. 28 at 10); 42 U.S.C. § 300jj et seq.; 42 U.S.C. § 300jj-11(a). Defendant asserts that it used tracking software on its website directly in furtherance of the Promoting Interoperability Program and related Meaningful Use regulations. (ECF No. 28 at 11–12.) Defendant asserts that it developed its patient portal in accordance with ONC oversight and in exchange for federal incentive payments. (Id. at 13, 14, 17–18, 25.) Defendant argues that its relationship with the federal government exceeded mere compliance with federal initiatives and more closely mirrored a government-contractor relationship. (Id. at 20.) Finally, Defendant asserts that increasing access to health records is a basic governmental task Defendant also argues that it asserts colorable federal defenses. As noted above, the Court need not reach this contention because Defendant has failed to demonstrate that it “acted under” federal authority. 5 7 because the government was obligated to complete such access on its own even absent Defendant’s assistance. (Id. at 22–23.) In support of this assertion, Defendant cites federal regulations that require the creation of a federal program to facilitate the electronic use of health information even absent assistance from the private sector. (Id. at 23.) I. Defendant has not fulfilled the “acting under” element of Section 1442. For the purposes of § 1442, “acting under” federal authority requires a private person to act “under the ‘subjection, guidance, or control’ of a federal officer which ‘must involve an effort to assist, or to help carry out, the duties or tasks of a federal superior.’” Watson v. Philip Morris Cos., Inc., 551 U.S. 142, 150 (2007) (quoting Colorado v. Symes, 286 U.S. 510, 517 (1932)); see also Beauford v. Johns Hopkins Health Syst. Corp., Civ. No. JKB-23-0660, --F. Supp. 3d--, 2023 WL 4237373, at *3 (D. Md. Jun. 28, 2023). As this Circuit has recognized, a private actor is “acting under” federal authority when it acts to fulfill “a basic governmental task, under the government’s control or subjection, that the government would otherwise have to perform itself.” W. Va. State Univ. Bd. of Governors v. Dow Chem. Co., 23 F. 4th 288, 301–02 (4th Cir. 2022). Similarly, a private actor’s mere compliance with even the most stringent federal regulations is insufficient to demonstrate that the private actor was “acting under” federal authority. Id. at 301; see also Watson, 551 U.S. at 153 (“A private firm’s compliance (or noncompliance) with federal laws, rules, and regulations does not by itself fall within the scope of the statutory phrase ‘acting under’ a federal ‘official.’”). Here, Defendant has not demonstrated that it was “acting under” federal authority for the purposes of § 1442(a). Defendant merely acted to comply with a federal program—the Promoting Interoperability Program and concomitant “Meaningful Use” regulations—by 8 using data collection and analytics tools designed to improve patients’ online access to their medical information. See 42 C.F.R. §§ 495.2–495.370 (establishing the Meaningful Use Program and related initiatives). As Judge Bredar of this Court has noted, such voluntary compliance with a federal program cannot alone confer federal officer jurisdiction. See Beauford, 2023 WL 4237373, at *3 (holding compliance with the Meaningful Use Program does not confer federal officer jurisdiction); Beltran v. Cedars-Sinai Health Sys., Civ. No. 23-02626-DSFJPRX, 2023 WL 3620740, at *3 (C.D. Cal. May 24, 2023) (holding compliance with the Meaningful Use Program is not a basis for federal officer jurisdiction). Defendant’s receipt of incentive payments for its participation in the Promoting Interoperability Program does not transform its voluntary compliance with a federal program into a relationship in which Defendant was subject to federal “subjection, guidance, or control.” Watson, 551 U.S. at 151; see also Beauford, 2023 WL 4237373, at *3; Mohr v. Trs. of Univ. of Pa., Civ. No-23-0731, 2023 WL 3044594, at *4 (E.D. Pa. Apr. 20, 2023). Rather, the overwhelming majority of courts to have evaluated federal officer removal based on participation in the Promoting Interoperability Program have declined to find jurisdiction. See Doe v. Redeemer Health, 2023 WL 6323089, at *4 n.1 (E.D. Pa. Sept. 28, 2023) (collecting cases). Defendant also cannot demonstrate that its actions assisted federal officers by fulfilling a basic governmental task that the government was obligated to complete on its own absent Defendant’s assistance. Although Defendant notes that the federal government enlisted private healthcare providers to develop a nationwide infrastructure for electronic exchange of health information, Defendant cannot show that the government would have created patient portals or electronic access to health records for Defendant’s patients if Defendant had failed 9 to do so. As this Court has noted, nothing in the Promoting Interoperability Program authorizes the federal government to create “interoperable health information technology infrastructure” on its own. Beauford, 2023 WL 4237373, at *4 (quoting Doe I v. BJC Health Sys., Civ. No. 22-919-RWS, 2023 WL 369427, at *4 (E.D. Mo. Jan. 10, 2023)); See, e.g., 42 U.S.C. § 300jj-31(a) (“The Secretary shall . . . invest in the infrastructure necessary to allow for and promote the electronic exchange and use of health information.”) As such, Defendant cannot show that its participation in the program fulfilled a basic governmental interest. Because Defendant fails to meet the first element required to establish federal officer jurisdiction, Plaintiff’s Motion to Remand (ECF No. 25) is GRANTED. CONCLUSION For the reasons stated above, it is hereby ORDERED this 13th day of November, 2023, that Plaintiff Jane Doe’s Motion to Remand (ECF No. 25) is GRANTED, and this case is REMANDED to the Circuit Court for Baltimore City. . /s/ Richard D. Bennett United States Senior District Judge 10

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?