Quest Diagnostics and Connexin Software Lawsuits Settlement Reached

California AG Accepts $5 Million Settlement with Quest Diagnostics Concerning Improper Disposal of Waste and Patient Information

California Attorney General Rob Bonta has reported that a $5 million settlement with Quest Diagnostics has been approved to take care of allegations that it is dumping dangerous and medical waste products and disposing of the unredacted personal health information (PHI) of patients in normal garbage dumpsters. An investigation of the business procedures of Quest Diagnostics was performed. The investigation included 30 inspections at 4 Quest Diagnostic Laboratories and a number of its patient service centers located in California to see if Quest Diagnostics complied with the Medical Waste Management Act, California’s Hazardous Waste Control Law, Unfair Competition Law, and civil laws that forbid the sharing of the PHI of Californians.

The inspections involved evaluations of the contents of dumpsters at Quest facilities which discovered hundreds of containers of chemicals such as reagents and bleach, and electronic waste and batteries. The dumpsters likewise included medical waste like specimen containers that contained urine and blood, toxic waste like inflammable fluids, solvents, and batteries, and unredacted medical data.

Quest Diagnostics was informed about the results of the examinations and employed an independent environmental auditor to evaluate its waste disposal guidelines and operations, which have already changed. Personnel training on the modified policies and procedures was given in all four laboratories and over 600 patient service facilities in the state to make sure of complete compliance with California regulations.

Quest Diagnostics considers patient data privacy and environmental safety as a serious matter and has made substantial investments to employ industry recommendations to make sure harmful waste, medical waste, and confidential patient data are discarded correctly. Investments include utilizing technological know-how for the treatment of biological waste materials, secured disposal of patient records, programs to improve recycling initiatives and lessen waste-to-landfill removal, waste-to-energy conversion of non-recyclable wastes, and improved waste audit and inspection procedures to make certain continuing compliance with appropriate regulations.

The settlement consists of $700,000 in expenses, $3,999,500 in civil monetary fines, and $300,000 for a Supplemental Environmental Project to help environmental training and implementation in California, and injunctive relief demanding Quest Diagnostics to keep an environmental compliance system and employ a third-party waste auditor to perform yearly audits and document its status. The civil monetary penalties will be split among 10 counties in California. The investigation was an effort of the office of Attorney General Bonta and the District Attorney’s offices in Alameda, Monterey, Los Angeles, Orange, San Bernardino, Sacramento, San Joaquin, Yolo, San Mateo, and Ventura counties.

Quest Diagnostics’ illegal disposal of unsafe medical waste and patient data puts households and the environment in danger. The message of today’s settlement is clear that the Attorney General’s office will make companies, including healthcare services organizations, responsible for violations of state environmental and privacy regulations.

Kaiser Foundation Health Plan Foundation Inc. and Kaiser Foundation Hospitals were likewise investigated for their waste disposal practices and were in the same way determined to have wrongly discarded harmful waste, medical waste, and patient data, violating state rules. The case was resolved for $49 million in September 2023.

Connexin Software Offers to Resolve Class Action Lawsuit Settlement to Prevent Bankruptcy

Connexin Software, which is also called Office Practicum, has offered to pay $4 million to settle a combined class action lawsuit due to a 2022 data breach that impacted more or less 3 million persons. Office Practicum offers pediatric-related medical information technology solutions to healthcare organizations, which include electronic health records, practice management applications, business analytics software, and billing assistance.

On August 26, 2022, Connexin Software stated it discovered a data anomaly inside its internal system and the succeeding forensic investigation affirmed that an unauthorized third party had acquired an offline set of patient information that was utilized for data conversion and troubleshooting. The exposed information contained the PHI of 2,675,934 individuals, mostly kids. The breached data involved names, addresses, parent/guardian names, guarantor names, birth dates, medical insurance data, medical and treatment details, Social Security numbers, and claims and billing details.

Connexin Software is facing some class action lawsuits immediately after it reported the incident. Nine of the lawsuits were consolidated into a single class action lawsuit since they all have identical claims, which include a supposed inability to apply reasonable and proper security steps to safeguard patient records. Children’s information is specifically important to cyber criminals because it could be misused for a long time. The impacted individuals experienced a privacy violation and instant and long-term threats of identity theft, fraud, medical identity theft, misappropriation of medical insurance benefits, and other misuses. The plaintiffs contended that the threat actor responsible for the attack could likewise offer information about the children to human trafficking gangs.

The settlement is best for all people involved. The plaintiffs can claim compensation for out-of-pocket expenditures and Connexin Software will avert more legal expenditures. Connexin Software mentioned to the judge when submitting the preliminary settlement that in case the lawsuit had advanced much further, the organization would have no choice but to file for bankruptcy protection.

All parties have consented to the offered settlement, which has gotten preliminary acceptance from a Pennsylvania federal court judge. The class members and plaintiffs were offered three choices: 3 years of expanded identity theft protection services and a $1,000,000 identity theft insurance plan coverage; compensation for unreimbursed out-of-pocket expenditures up to as much as $7,500 for each class member; or a fixed-fee cash payment, the actual amount of which is going to be decided depending on the claims obtained. Connexin Software has likewise consented to invest $1.5 million in its information security plan to better secure patient records later on. Lawyers for the plaintiffs and class members would like about $1.3 million in charges.

The parties understood each other’s strengths and weaknesses due to the court’s judgment on Connexin’s partial request to dismiss, their exchange of many pages of paperwork, almost a dozen depositions, and mediation-related discovery and analysis aimed at Connexin’s finances. Instead of extending the lawsuit, plaintiffs have arrived at a settlement that will instantly give them and class members considerable benefits for their injuries as a result of the data breach. The settlement is presently waiting for the schedule of the final hearing.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

unlawful dumping of dangerous and medical waste products and disposed of the unredacted personal health information (PHI) of patients in normal garbage dumpsters. An investigation of the business procedures of Quest Diagnostics was performed. The investigation included 30 inspections at 4 Quest Diagnostic Laboratories and a number of its patient service centers located in California to see if Quest Diagnostics complied with Medical Waste Management Act, California’s Hazardous Waste Control Law, Unfair Competition Law, and civil laws that forbid the sharing of the PHI of Californians.

The inspections involved evaluations of the contents of dumpsters at Quest facilities which discovered hundreds of containers of chemicals such as reagents and bleach, and electronic waste and batteries. The dumpsters likewise included medical waste like specimen containers that contained urine and blood, toxic waste like inflammable fluids, solvents, and batteries, and unredacted medical data.

Quest Diagnostics was informed about the results of the examinations and employed an independent environmental auditor to evaluate its waste disposal guidelines and operations, which are already changed. Personnel training on the modified policies and procedures were given in all four laboratories and over 600 patient service facilities in the state to make sure of complete compliance with California regulations.

Quest Diagnostics considers patient data privacy and the environment safety as a serious matter and has made substantial investments to employ industry recommendations to make sure harmful waste, medical waste, and confidential patient data are discarded correctly. Investments include utilizing technological know-how for treatment of biological waste materials, secured disposal of patient records, programs to improve recycling initiatives and lessen waste-to-landfill removal, waste-to-energy conversion of non-recyclable wastes, and improved waste audit and inspection procedures to make certain continuing compliance with appropriate regulations.

The settlement consists of $700,000 in expenses, $3,999,500 in civil monetary fines, and $300,000 for a Supplemental Environmental Project to help environmental training and implementation in California, and injunctive relief demanding Quest Diagnostics to keep an environmental compliance system and employ a third-party waste auditor to perform yearly audits and document its status. The civil monetary penalties will be split among 10 counties in California. The investigation was an effort of the office of Attorney General Bonta and the District Attorney’s offices in Alameda, Monterey, Los Angeles, Orange, San Bernardino, Sacramento, San Joaquin, Yolo, San Mateo and Ventura counties.

Quest Diagnostics’ illegal disposal of unsafe medical waste and patient data put households and environment in danger. The message of today’s settlement is clear that the Attorney General’s office will make companies, including healthcare services organizations, responsible for violations of state environmental and privacy regulations.

Kaiser Foundation Health Plan Foundation Inc. and Kaiser Foundation Hospitals were likewise investigated for their waste disposal practices and were in the same way determined to have wrongly discarded harmful waste, medical waste, and patient data, violating state rules. The case was resolved for $49 million in September 2023.

Connexin Software Offers to Resolve Class Action Lawsuit Settlement to Prevent Bankruptcy

Connexin Software, which is also called Office Practicum, has offered to pay $4 million to settle a combined class action lawsuit due to a 2022 data breach that impacted more or less 3 million persons. Office Practicum offers pediatric-related medical information technology solutions to healthcare organizations, which include electronic health records, practice management application, business analytics software and billing assistance.

On August 26, 2022, Connexin Software stated it discovered a data anomaly inside its internal system and the succeeding forensic investigation affirmed that an unauthorized third party had acquired an offline set of patient information that was utilized for data conversion and troubleshooting. The exposed information contained the PHI of 2,675,934 individuals, mostly kids. The breached data involved names, addresses, parent/guardian names, guarantor names, birth dates, medical insurance data, medical and treatment details, Social Security numbers, and claims and billing details.

Connexin Software is facing a number of class action lawsuits immediately after it reported the incident. Nine of the lawsuits were consolidated into a single class action lawsuit since they all have identical claims, which include a supposed inability to apply reasonable and proper security steps to safeguard patient records. Children’s information are specifically important to cybercriminals because it could be misused for a long time. The impacted individuals experienced an intrusion of privacy and instant and long-term threats of identity theft, fraud, medical identity theft, misappropriation of medical insurance benefits, and other misuses. The plaintiffs contended that the threat actor responsible for the attack can likewise offer the information of children to human trafficking gangs.

The settlement is best for all people involved. The plaintiffs can claim for compensation of out-of-pocket expenditures and Connexin Software will avert more legal expenditures. Connexin Software mentioned to the judge when submitting the preliminary settlement that in case the lawsuit had advanced much further, the organization would have no choice but to file for bankruptcy protection.

All parties have consented to the offered settlement, which has gotten preliminary acceptance from a Pennsylvania federal court judge. The class members and plaintiffs were offered three choices: 3 years of expanded identity theft protection services and a $1,000,000 identity theft insurance plan coverage; compensation for unreimbursed out-of-pocket expenditures up to as much as $7,500 for each class member; or a fixed-fee cash payment, the actual amount of which is going to be decided depending on the claims obtained. Connexin Software has likewise consented to invest $1.5 million in its information security plan to better secure patient records later on. Lawyers for the plaintiffs and class members would like about $1.3 million in charges.

The parties understood each other’s strengths and weeknesses due to the court’s judgment on Connexin’s partial request to dismiss, their exchange of many pages of paperwork, almost a dozen depositions, and mediation-related discovery and analysis aimed at Connexin’s finances. Instead of extending the lawsuit, plaintiffs have arrived at a settlement that will instantly give them and class members considerable benefits for their injuries as a result of the data breach. The settlement is presently waiting for the schedule of the final hearing.

About Christine Garcia 1201 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA