Whistleblower lawsuit Verily covered up HIPAA violations

pppIn this articleppAlphabets health tech subsidiary Verily used the health data of more than 25000 patients without authorization and actively covered up those violations a former company executive alleges ppThe executive Ryan Sloan claims Verily fired him after he discovered breaches of the Health Insurance Portability and Accountability Act or HIPAA and reported his concerns to the companys senior managementppPatient data in the US is protected under HIPAA which ensures the sensitive information cannot be disclosed without a patients consentppSloans allegations are detailed in a pending lawsuit in federal court in San Francisco The suit which was filed late last year has not been previously reportedppOn Monday the judge overseeing Sloans case denied a request by Verily to dismiss his civil complaint or to send the dispute to arbitrationppVerily believes the allegations and contentions alleged in this employment matter that was commenced in 2023 are completely without merit Verily will defend itself to the full extent of the law a company spokesperson told CNBC in a statement Verily is an equal opportunity employer and takes its responsibility and commitment to abide by all laws and regulations seriously  As this is an ongoing legal matter Verily will not be providing further comment at this timeppRepresentatives for Sloan did not commentppVerily started as a moon shot in 2015 within Alphabets innovation lab X formerly known as Google X Its Googles sister company and operates under Alphabets Other Bets categoryppThe company hired Sloan in 2020 to serve as the chief commercial officer of its diabetes and hypertension business Verily OnduoppIn January 2022 Sloan alleged that he and Julia Feldman Onduos general counsel discovered Verily had improperly used patients protected health information in its research marketing campaigns press releases and national conferences The extensive violations affected more than 25000 patients in Onduos diabetes program according to an amended complaint filed in June ppSloan and Feldman informed senior Verily leaders of their findings the filing said and they repeatedly raised the issue An internal investigation at Verily confirmed several HIPAA breaches took place according to the filingppBetween January and March of 2022 internal investigators at Verily confirmed multiple breaches of fourteen 14 separate HIPAA Business Associate Agreements with large covered entity clients of Onduo between 2017 and 2021 the filing saidppPatients who accessed Verily Onduo through these clients â which include Walgreens Boots Alliance Highmark Health Quest Diagnostics and Delta Air Lines among others â may have been affected by the breaches ppDelta said in a statement that it doesnt have a comment on the suit but our employees personal information is important to usppWe are looking into this and will make sure any impact to our people is appropriately addressed the company saidppQuest said in a statement that We are not familiar with the allegations and have no further commentppHighmark declined to comment Walgreens did not respond to CNBCs requests for commentppUnder HIPAA companies like Verily are supposed to notify impacted parties no later than 60 days after discovering a breach Verily decided to delay the decision of notifying the covered entities according to the filing and the company engaged in negotiations to renew many of those contracts without revealing that a HIPAA breach had recently occurred ppDuring a contract negotiation between Verily and Highmark Health in August of 2022 Verily represented that it was in compliance with HIPAA at all times while knowingly concealing that a HIPAA breach had occurred the filing said ppThat same month Verily terminated Feldman and another employee who was aware of the breachesppWhen Sloan reiterated his concerns about the breaches to Lisa Greenbaum Verilys then chief revenue officer in October 2022 she allegedly defended the companys decision not to disclose them and said that doing so would negatively affect public relations the filing saidppGreenbaum joined Doximity another healthcare technology company as chief commercial officer in January 2024 according to her LinkedIn ppDoximity did not immediately respond to CNBCs request for commentppIn November 2022 Verily allegedly suppressed a press release out of concern that it would draw attention to previous marketing studies that violated its HIPAA Business Associate Agreements The company removed the press release from its website and instructed employees not to mention it again according to the filing ppSloan was officially terminated from Verily in January of 2023 while on protected leave to care for his critically ill mother the filing said ppThe lawsuit marks the latest in a series of stumbles at Verily which despite raising more than 1 billion from investors has struggled to latch onto a winning product Verily is reportedly transitioning from a limited liability company or an LLC to an investorfriendly CCorp structure to prepare for a fresh round of funding according to a report from Business Insider on WednesdayppVerily originally developed hardware like continuous glucose monitors before pivoting to pandemic response when Covid19 broke out in 2020 then switched directions again to focus on precision health in 2022 ppThe company introduced a new artificial intelligencepowered chroniccare solution called Verily Lightpath last year and announced it was selling its stoploss insurance subsidiary Granular Insurance Co in Februaryppâ CNBCs Lora Kolodny and Dan Mangan contributed to this reportppWATCH Googleâs ad tech trial strategy as AI advertising war loomsppGot a confidential news tip We want to hear from youppSign up for free newsletters and get more CNBC delivered to your inboxppGet this delivered to your inbox and more info about our products and servicespp 2025 CNBC LLC All Rights Reserved A Division of NBCUniversalpp
Data is a realtime snapshot Data is delayed at least 15 minutes
Global Business and Financial News Stock Quotes and Market Data
and Analysis
ppData also provided byp