Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
1
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF INDIANA
FORT WAYNE DIVISION
_______________________________________
)
FLOYD HARRIS, on behalf of ) Class Action Complaint
himself and all others similarly situated, )
) Demand for Jury Trial
Plaintiff, )
)
vs. ) No. 1:15-cv-225
)
MEDICAL INFORMATICS )
ENGINEERING, INC., )
)
Defendant. )
_______________________________________)
CLASS ACTION COMPLAINT
Plaintiff Floyd Harris (“Plaintiff”), on behalf of himself and all others similarly situated,
alleges as follows:
NATURE OF THE CASE
1. This is a data breach class action on behalf of 3.9 million patients whose sensitive
personal information including Social Security numbers and medical histories was stolen from
Defendant Medical Informatics Engineering, Inc. (“Defendant”) in a cyber-attack.
2. Defendant failed to adequately safeguard class members’ personal information.
Lack of proper safeguards provided a means for unauthorized intruders to enter into Defendant’s
computer network and steal class members’ personal information.
3. According to Defendant’s public announcement of the breach, the compromised
data included “name, telephone number, mailing address, username, hashed password, security
question and answer, spousal information (name and potentially date of birth), email address,
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 1 of 18
2
date of birth, Social Security number, lab results, health insurance policy information, diagnosis,
disability code, doctor’s name, medical conditions, and child’s name and birth statistics.”1
4. Armed with this highly sensitive information, computer hackers can open new
financial accounts in victims’ names, obtain medical services using victims’ identities, and
commit other forms of identity theft.
5. Defendant’s business includes entering into contracts with hospitals and health
care facilities to provide electronic storage and administration of patient medical records.
6. On May 7, 2015, unauthorized third parties entered into Defendant’s computer
network.
7. On May 26, 2015, nineteen days after the initial intrusion, Defendant discovered
suspicious activity on one of its servers.
8. On June 10, 2015, Defendant publicly announced the breach.
9. As a result of the breach, Plaintiff and class members have been exposed to a
heightened and imminent risk of fraud and identity theft. Plaintiff and class members must now
closely monitor their financial accounts and medical information to guard against identity theft,
and spend time and money addressing any identity theft. Class members may also incur out of
pocket costs for credit freezes, credit reports, and other protective measures to detect or deter
identity theft.
10. Defendant has been unjustly enriched in connection with its wrongdoing.
Defendant received fees from hospitals and health care facilities to electronically administer
class members’ personal and medical information. Part of those fees was intended to fund
adequate data security. Defendant failed to provide adequate security. Defendant received an
unjust monetary benefit given its failure to provide adequate safeguards over Class members’
1 https://www.mieweb.com/notice/faqs (last visited Aug. 18, 2015).
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 2 of 18
3
sensitive information.
11. Plaintiff seeks to remedy these harms on behalf of himself and all similarly-
situated individuals whose personal and medical information was accessed during the breach.
12. Plaintiff seeks remedies including improved data security, continued credit
monitoring services, reimbursement of out-of-pocket losses, and disgorgement of Defendant’s
unjustly retained fees.
PARTIES
13. Plaintiff Floyd Harris is domiciled in and a citizen of Michigan. He received a
letter from Defendant dated July 17, 2015 stating that his “personal and protected health
information” was compromised in the data breach. The letter stated that his Social Security
number, address, phone number, email address, birth date, username, password, and security
question was compromised. The letter implied that Defendant obtained Plaintiff’s personal and
medical information in connection with services Plaintiff received at a local hospital. The
hospital is a client of Defendant that entrusted Defendant with Plaintiff’s personal and medical
information.
14. Plaintiff would not have allowed Defendant to obtain his sensitive information
had he been aware that Defendant lacked adequate data security safeguards.
15. Defendant Medical Informatics Engineering, Inc. is a citizen of Indiana.
Defendant is incorporated in Indiana and has its principal place of business at 6302 Constitution
Drive, Fort Wayne, IN 46804.
16. Defendant provides electronic medical records services to hospitals, health care
providers, and patients.
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 3 of 18
4
JURISDICTION & VENUE
17. This Court has diversity jurisdiction under the Class Action Fairness Act, 28
U.S.C. § 1332(d), because this is a class action involving more than 100 class members, the
amount in controversy exceeds $5,000,000 exclusive of interest and costs, and many members of
the class are citizens of states different from Defendant.
18. Venue is proper in this Court pursuant to 28 U.S.C. § 1391 because Defendant is
headquartered here and regularly transacts business here, and some of the class members reside
in this District. The causes of action also arose, in part, in this District.
FACTS
19. Defendant’s core business is to provide the electronic sharing of information
throughout a “healthcare community that includes hospitals, physicians, laboratories and
diagnostic testing facilities and – of course – patients.”2
20. Defendant’s data sharing systems are “100 percent web based and can be accessed
via any web-enabled device, from office desktop computers, to laptops or tablets, to mobile
phones.”3
21. Defendant sells its services to hospitals and health care facilities.
22. Defendant operates a subsidiary, NoMoreClipboard, which provides electronic
data storage services directly to patients free of charge.4 The NoMoreClipboard website states:
A NoMoreClipboard personal health record (PHR) is the better way to manage
your medical information: all in one place, online. No matter what systems your
doctors use, you can create, update, organize, store and access your
2 http://www.mieweb.com/company/about (last visited Aug. 18, 2015).
3 http://www.mieweb.com/company/about (last visited Aug. 18, 2015).
4 https://www.nomoreclipboard.com/patients/faqs (last visited Aug. 18, 2015).
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 4 of 18
5
NoMoreClipboard records any time, using any computer, tablet or smartphone.5
According to the NoMoreClipboard website, a patient’s electronic health record may contain,
among other things, “lab results, medication lists, immunization records, patient visit summaries,
radiology, and other diagnostic reports.”6
I. Defendant’s Data Breach
23. Defendant posted the following notice on its website:
Fort Wayne, Indiana, July 23, 2015 – Medical Informatics Engineering is
providing an update to our June 10, 2015 notice of a data security compromise
that has affected the security of some personal and protected health information
relating to certain clients and individuals who have used a Medical Informatics
Engineering electronic health record. We emphasize that the patients of only
certain clients of Medical Informatics Engineering were affected by this
compromise and those clients have all been notified.
On May 26, 2015, we discovered suspicious activity in one of our servers. We
immediately began an investigation to identify and remediate any identified
security vulnerability. Our first priority was to safeguard the security of personal
and protected health information, and we have been working with a team of third-
party experts to investigate the attack and enhance data security and protection.
This investigation is ongoing. . . . The investigation indicates this is a
sophisticated cyber attack. Our forensic investigation indicates the unauthorized
access to our network began on May 7, 2015. Our monitoring systems helped
us detect this unauthorized access, and we were able to shut down the attackers as
they attempted to access client data.
We are continuing to take steps to remediate and enhance the security of our
systems. Remedial efforts include removing the capabilities used by the intruder
to gain unauthorized access to the affected systems, enhancing and strengthening
password rules and storage mechanisms, increased active monitoring of the
affected systems, and intelligence exchange with law enforcement. We have also
instituted a universal password reset.
Information compromised
While investigations into this incident are ongoing, we determined the security of
some personal and protected health information contained on Medical Informatics
Engineering’s network has been affected. The affected data relating to
individuals affiliated with affected Medical Informatics Engineering clients may
5 https://www.nomoreclipboard.com/patients/ (last visited Aug. 18, 2015).
6 https://www.nomoreclipboard.com/patients/about (last visited Aug. 18, 2015).
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 5 of 18
6
include an individual’s name, telephone number, mailing address, username,
hashed password, security question and answer, spousal information (name
and potentially date of birth), email address, date of birth, Social Security
number, lab results, health insurance policy information, diagnosis, disability
code, doctor's name, medical conditions, and child’s name and birth
statistics.
Notification
On June 2, 2015, we began contacting and mailing notice letters disclosing this
incident to affected Medical Informatics Engineering clients.
On July 17, 2015, we began mailing notice letters to affected individuals for
whom we have a valid postal address through U.S. mail, and we expect those
letters to be mailed on or before July 25, 2015. Information contained in the
notice letter is available at www.mieweb.com. We have also disclosed this
incident to certain state and federal regulators and to the consumer reporting
agencies.
Identity protection services
As the investigations continue, and out of an abundance of caution, we are
offering affected individuals access to two years of credit monitoring and
identity protection services at no cost.7
24. Defendant provided a list of its clients that were affected by the breach.8 There
were 11 healthcare providers and 44 radiology centers affected by the breach. The personal and
medical information of those clients’ patients was compromised during the breach.
25. The breach also extended to Defendant’s NoMoreClipboard subsidiary.9
26. Defendant recommended that breach victims place a security freeze on their credit
report.10
Defendant acknowledged that credit reporting agencies may impose fees for credit
7 https://www.mieweb.com/notice/ (last visited Aug. 18, 2015) (emphasis added).
8 Id.
9 https://www.nomoreclipboard.com/notice (last visited Aug. 18, 2015).
10
https://www.mieweb.com/notice/ (last visited Aug. 18, 2015).
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 6 of 18
7
freezes in certain states.11
Such fees constitute out-of-pocket costs to Class members.
27. The Indiana Attorney General (“AG”) is investigating the breach. The AG
recommended that affected individuals sign up for a “credit freeze” on their credit report, and
that they review and monitor their credit report.12
28. Credit reporting agencies offer consumers one free credit report per year.
Individuals who request more than one credit report per year must pay a fee for the additional
report. Such fees constitute out-of-pocket costs to Class members.
29. The breach affected 3.9 million individuals.13
30. There was a 19 day lag between the date of the intrusion and the date Defendant
discovered suspicious activity on its servers. This lengthy lag is indicative of weak data
monitoring procedures.
II. Defendant’s Privacy Policy
31. Defendant posted its privacy policy on its website. The privacy policy stated in
relevant part: “[P]rotecting your privacy is of the utmost importance. Information furnished by
you to us will be treated with the greatest respect.”14
32. Defendant’s subsidiary NoMoreClipboard posted its privacy policy on its website.
That privacy policy stated in relevant part:
[L]aws have been enacted to honor the privileged nature of information
exchanged between patients and their doctors. HIPAA, the guiding rule of law on
patient privacy, asserts that safeguards must be in place for ‘protected health
11
https://www.mieweb.com/notice/ (last visited Aug. 18, 2015).
12
http://www.in.gov/activecalendar/EventList.aspx?view=EventDetails&eventidn=222333&
information_id=217385 (last visited Aug. 18, 2015).
13
https://www.mieweb.com/notice/faqs (last visited Aug. 18, 2015). 14
http://www.mieweb.com/privacy (last visited Aug. 18, 2015).
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 7 of 18
8
information’, defined by that same law as ‘individually identifiable information.’ .
. .
. . . .
NoMoreClipboard.com was designed to support the privacy and security
requirements of HIPAA while enabling you to use the service from any computer
with Internet access. . . . As it pertains to NoMoreClipboard.com, our
responsibilities are to make the information you provide on our site available to
you, and to administer the system to ensure that your privacy and security are
protected.15
33. NoMoreClipboard provided additional information about its privacy practices as
follows:
Is NoMoreClipboard information confidential and secure?
Yes. The NoMoreClipboard site uses the same type of Secure Socket Layer (SSL)
account security used by financial institutions and major retailers. Further, the
site’s security is approved by VeriSign™, the leading certificate authority on the
internet. Your information resides at our US-based corporate data center, stored
behind a firewall that protects your records from unauthorized users. . . .
NoMoreClipboard will never share any of your personal information, including
your email address, without your express permission.
. . . .
Does NoMoreClipboard follow appropriate privacy practices?
NoMoreClipboard works diligently to keep your health information private, safe
and secure. . . . 16
34. The implication from these privacy policies is that Defendant will adequately
safeguard Class members’ data, and that Defendant is unaware of material data security
vulnerabilities.
III. Identity Theft Consequences
35. According to the U.S. Secret Service, identity thieves can use Social Security
15
https://www.nomoreclipboard.com/privacy/full-policy (last visited Aug. 18, 2015).
16
https://www.nomoreclipboard.com/patients/faqs (last visited Aug. 18, 2015).
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 8 of 18
9
numbers and related information to perpetrate a variety of crimes including, e.g., opening new
financial accounts in another person’s name; taking out loans in another person’s name; opening
utility accounts; obtaining medical services using the victim’s information; using the victim’s
information to obtain government benefits; filing a fraudulent tax return using the victim’s
information to obtain a tax refund; obtaining a driver’s license or identification card in the
victim’s name but with another person’s picture; or giving false information to police during an
arrest.17
36. Health care companies like Defendant have an obligation to maintain the security
of patients’ personal and financial information. The New York Times has reported that the
“threat of a hacking is particularly acute in the health care and financial services industry, where
companies routinely keep the most sensitive personal information about their customers on large
databases.”18
37. Indeed, on April 8, 2014, the FBI’s Cyber Division publicly issued an Industry
Notification titled “Health Care Systems and Medical Devices at Risk for Increased Cyber
Intrusions for Financial Gain.” The notification cautioned that “[c]yber actors will likely
increase cyber intrusions against health care systems . . . due to . . . lax cybersecurity standards,
and a higher financial payout for medical records in the black market.”19
CLASS ACTION ALLEGATIONS
38. Plaintiff brings all claims as class claims under Federal Rule of Civil Procedure
23. The requirements of Federal Rule of Civil Procedure 23(a), 23(b)(2), and 23(b)(3) are met
17
www.secretservice.gov/press/Take_Charge.pdf (last visited Aug. 10, 2015).
18
http://www.nytimes.com/2015/02/05/business/hackers-breached-data-of-millions-insurer-says.html
(last visited Aug. 10, 2015).
19
https://info.publicintelligence.net/FBI-HealthCareCyberIntrusions.pdf (last visited Aug. 10, 2015).
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 9 of 18
10
with respect to the Class.
39. The proposed class (“Class”) is defined as follows:
All persons in the United States whose personal information was accessed by
unauthorized individuals in the Medical Informatics Engineering, Inc. data
breach.
40. Excluded from the Class are Defendant and its current or former employees.
41. The Class is so numerous that joinder of all members is impracticable. The Class
includes approximately 3.9 million individuals whose personal information was compromised by
the data breach.
42. There are various questions of law and fact common to Plaintiffs and the class,
including but not limited to the following:
whether Defendant engaged in the wrongful conduct alleged herein;
whether Defendant owed a duty to Plaintiff and class members to adequately
protect their personal information;
whether Defendant breached its duties to protect the personal information of
Plaintiff and class members by failing to provide adequate data security;
whether Defendant knew or should have known that its data security systems
were vulnerable to attack;
whether Plaintiff and class members suffered legally cognizable damages as a
result of Defendant’s conduct; and
whether Plaintiff and class members are entitled to equitable relief, including
injunctive relief, restitution, or disgorgement.
43. Plaintiff’s claims are typical of the claims of the Class in that Plaintiff, like all
Class members, had his personal information compromised in the data breach.
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 10 of 18
11
44. Plaintiff will fairly and adequately protect the interests of the Class. Plaintiff has
retained counsel experienced in class action and complex litigation, including data breach
litigation.
45. Plaintiff has no interests that are adverse to, or in conflict with, the Class.
46. Questions of law and fact common to the Class predominate over any questions
which may affect only individual Class members.
47. A class action is superior to other available methods for the fair and efficient
adjudication of the controversy. Class treatment of common questions of law and fact is superior
to multiple individual actions or piecemeal litigation.
48. Absent a class action, most Class members would likely find the cost of litigating
their claims prohibitively high and would therefore have no effective remedy.
49. The prosecution of separate actions by individual Class members would create a
risk of inconsistent or varying adjudications with respect to individual Class members, which
would establish incompatible standards of conduct for Defendant. In contrast, the conduct of this
action as a class action presents far fewer management difficulties, conserves judicial resources
and the parties’ resources, and protects the rights of each Class member.
50. Defendant has acted on grounds that apply generally to the Class, so that
injunctive relief is appropriate with respect to the class as a whole under Fed. R. Civ. P. 23(b)(2).
COUNT I – NEGLIGENCE
51. Plaintiff incorporates by reference those paragraphs set out above as if fully set
forth herein.
52. Defendant owed a duty to Plaintiff and Class members to exercise reasonable care
in obtaining, retaining, and safeguarding their personal and medical information. This duty
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 11 of 18
12
included, among other things, designing, maintaining, monitoring, and testing Defendant’s
security systems to ensure that Class members’ personal and medical information was adequately
secured. Defendant owed a duty to Class members to implement intrusion detection processes
that would detect a data breach in a timely manner. Defendant also had a duty to delete any
personal information that was no longer needed to serve client needs.
53. Defendant’s privacy policy acknowledged Defendant’s duty to adequately protect
Class members’ personal and medical information.
54. Defendant owed a duty to safeguard Class members’ personal and financial
information as set forth in HIPPA, e.g., 45 C.F.R. §§ 164.306(a), 308(a), 312(a) & (d); 45 C.F.R.
§ 164.530(c).
55. Defendant owed a duty to provide Class members with timely notice that their
personal and financial information had been accessed by unauthorized individuals.
56. Defendant owed a duty to disclose the material fact that Defendant’s data security
practices were inadequate to safeguard Class members’ personal information.
57. Defendant breached its duties by, among other things: (a) failing to maintain
adequate data security practices to safeguard Class members’ personal and medical information;
(b) failing to detect the data breach in a timely manner; and (c) failing to disclose that
Defendant’s data security practices were inadequate to safeguard Class members’ personal and
medical information.
58. But for Defendant’s breach of duties, Class members’ personal and medical
information would not have been accessed by unauthorized individuals.
59. Plaintiff and Class members were foreseeable victims of Defendant’s inadequate
security practices. Defendant knew or should have known that a breach of its systems would
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 12 of 18
13
cause damages to Class members.
60. Plaintiff and the Class suffered damages as set forth in paragraph 9 above.
61. The damages to Plaintiff and the Class were caused by, and a proximate result of,
Defendant’s breach of its duties.
COUNT II - BREACH OF IMPLIED CONTRACT
62. Plaintiff incorporates by reference those paragraphs set out above as if fully set
forth herein.
63. When Class members provided their personal and medical information to
Defendant, or allowed hospitals and health care providers to provide Class members’ personal
and medical information to Defendant, Class members entered into implied contracts with
Defendant. Pursuant to those implied contracts, Defendant agreed to take reasonable measures
to safeguard and protect Class members’ sensitive information.
64. Plaintiff and Class members would not have entrusted their personal and medical
information to Defendant in the absence of Defendant’s implied promise to adequately safeguard
the data.
65. Defendant breached the implied contracts by failing to provide reasonable data
security measures to safeguard the sensitive information.
66. The damages sustained by Plaintiff and Class members described in paragraph 9
above were the direct and proximate result of Defendant’s breaches of its implied contracts.
COUNT III - BREACH OF EXPRESS CONTRACT
67. Plaintiff incorporates by reference those paragraphs set out above as if fully set
forth herein.
68. Defendant entered into express contracts with those Class members who signed
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 13 of 18
14
up with Defendant through Defendant’s NoMoreClipboard subsidiary.
69. Moreover, Plaintiff and Class members are intended third party beneficiaries of
Defendant’s contracts with hospitals and health care facilities.
70. Also, Defendant has a contractual obligation to maintain the security of Class
members’ personal and medical information as noted in Defendant’s privacy policy.
71. When Class members provided their personal and medical information to
Defendant, Class members entered into contracts with Defendant pursuant to which Defendant
agreed to take reasonable measures to safeguard and protect such information.
72. Similarly, when hospitals and medical facilities provided Class members’
personal and medical information to Defendant, Class members were the intended third party
beneficiaries of Defendant’s duty to safeguard the data.
73. Plaintiff and Class members would not have entrusted their personal and medical
information to Defendant, directly or indirectly, in the absence of Defendant’s promise to
adequately safeguard the data.
74. Defendant breached the contracts it entered into by failing to provide reasonable
data security measures.
75. The damages sustained by Plaintiff and Class members described in paragraph 9
above were the direct and proximate result of Defendant’s breaches of its contracts.
COUNT IV – VIOLATION OF THE
INDIANA DECEPTIVE CONSUMER SALES ACT
76. Plaintiff incorporates by reference those paragraphs set out above as if fully set
forth herein.
77. Defendant’s conduct in failing to adequately safeguard Class members’ personal
and medical information violated Ind. Code § 24-5-0.5-3(a).
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 14 of 18
15
78. Defendant represented that it would adequately protect Class members’
information, but Defendant failed to do so. Defendant failed to maintain adequate data security
practices, failed to detect the data intrusion in a timely manner, and failed to disclose the fact that
its data security systems were inadequate to prevent a data intrusion.
79. Plaintiff and Class members relied on Defendant’s misrepresentations and
omissions.
80. Defendant’s deceptive acts and omissions were conducted as part of a scheme,
artifice, or device with intent to defraud or mislead. Defendant’s conduct constitutes an
incurable deceptive act under Ind. Code § 24-5-.05-4(a) and §24-5-0.5-2(a)(8).
81. Plaintiff and Class members are entitled to the greater of actual damages or $500
in statutory damages under Ind. Code § 24-5-0.5-4(a).
82. With respect to Defendant’s willful deceptive acts, Plaintiff and Class members
are entitled to the greater of three times the actual damages or $1,000 in statutory damages under
Ind. Code § 24-5-0.5-4(a).
83. Plaintiff and Class members are also entitled to reasonable attorney fees under
Ind. Code § 24-5-0.5-4(a).
COUNT V – UNJUST ENRICHMENT
84. Plaintiff incorporates by reference those paragraphs set out above as if fully set
forth herein.
85. Defendant received monetary benefits in the form of fees paid by hospitals and
health care providers to provide electronic storage and administration of Class members’
sensitive information.
86. Monies paid to Defendant were intended to be used by Defendant, in part, to fund
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 15 of 18
16
reasonable data security.
87. Defendant failed to provide reasonable data security. As a result, Defendant was
unjustly enriched.
88. Under principles of equity, Defendant should not be permitted to retain a portion
of the money it received.
89. Defendant wrongfully accepted and retained monetary benefits to the detriment of
Plaintiff and Class members.
90. As a result of Defendant’s wrongful conduct, Plaintiff and the Class are entitled to
restitution and disgorgement of a portion of the fees received by Defendant.
RELIEF REQUESTED
Plaintiff, on behalf of himself and all others similarly situated, requests that the Court
enter judgment against Defendant as follows:
1. An award to Plaintiff and the Class of compensatory, consequential, incidental,
and statutory damages;
2. An award of further credit monitoring and identity theft protection services
beyond the two years Defendant is currently offering;
3. Injunctive relief requiring Defendant to strengthen its data security systems and
submit to future periodic audits;
4. An award of attorneys’ fees, costs, and expenses, as provided by law or equity;
5. An award of pre-judgment and post-judgment interest, as provided by law or
equity; and
6. Such other or further relief as the Court may allow.
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 16 of 18
17
DEMAND FOR JURY TRIAL
Plaintiff demands a trial by jury of all issues in this action so triable of right.
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 17 of 18
18
Dated: August 20, 2015 Respectfully submitted,
s/ Irwin B. Levin
COHEN & MALAD, LLP
Irwin B. Levin, No. 8786-49
Richard E. Shevitz, No. 12007-49
Vess A. Miller, No. 26495-53
Lynn A. Toops, No. 26386-49A
One Indiana Square, Suite 1400
Indianapolis, IN 46204
Telephone: (317) 636-6481
Fax: (317) 636-2593
BERGER & MONTAGUE, P.C.
Sherrie Savett
Shanon Carson
Jon Lambiras
1622 Locust St.
Philadelphia, PA 19103
Telephone: (215) 875-3000
Fax: (215) 875-4604
Counsel for Plaintiff and the Proposed Class
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1 filed 08/20/15 page 18 of 18
JS 44 (Rev. 12/12) CIVIL COVER SHEETThe JS 44 civil cover sheet and the information contained herein neither replace nor supplement the filing and service of pleadings or other papers as required by law, except asprovided by local rules of court. This form, approved by the Judicial Conference of the United States in September 1974, is required for the use of the Clerk of Court for thepurpose of initiating the civil docket sheet. (SEE INSTRUCTIONS ON NEXT PAGE OF THIS FORM.)
I. (a) PLAINTIFFS DEFENDANTS
(b) County of Residence of First Listed Plaintiff County of Residence of First Listed Defendant(EXCEPT IN U.S. PLAINTIFF CASES) (IN U.S. PLAINTIFF CASES ONLY)
NOTE: IN LAND CONDEMNATION CASES, USE THE LOCATION OF THE TRACT OF LAND INVOLVED.
(c) Attorneys (Firm Name, Address, and Telephone Number) Attorneys (If Known)
II. BASIS OF JURISDICTION (Place an “X” in One Box Only) III. CITIZENSHIP OF PRINCIPAL PARTIES (Place an “X” in One Box for Plaintiff(For Diversity Cases Only) and One Box for Defendant)
’ 1 U.S. Government ’ 3 Federal Question PTF DEF PTF DEFPlaintiff (U.S. Government Not a Party) Citizen of This State ’ 1 ’ 1 Incorporated or Principal Place ’ 4 ’ 4
of Business In This State
’ 2 U.S. Government ’ 4 Diversity Citizen of Another State ’ 2 ’ 2 Incorporated and Principal Place ’ 5 ’ 5Defendant (Indicate Citizenship of Parties in Item III) of Business In Another State
Citizen or Subject of a ’ 3 ’ 3 Foreign Nation ’ 6 ’ 6 Foreign Country
IV. NATURE OF SUIT (Place an “X” in One Box Only)CONTRACT TORTS FORFEITURE/PENALTY BANKRUPTCY OTHER STATUTES
’ 110 Insurance PERSONAL INJURY PERSONAL INJURY ’ 625 Drug Related Seizure ’ 422 Appeal 28 USC 158 ’ 375 False Claims Act’ 120 Marine ’ 310 Airplane ’ 365 Personal Injury - of Property 21 USC 881 ’ 423 Withdrawal ’ 400 State Reapportionment’ 130 Miller Act ’ 315 Airplane Product Product Liability ’ 690 Other 28 USC 157 ’ 410 Antitrust’ 140 Negotiable Instrument Liability ’ 367 Health Care/ ’ 430 Banks and Banking’ 150 Recovery of Overpayment ’ 320 Assault, Libel & Pharmaceutical PROPERTY RIGHTS ’ 450 Commerce
& Enforcement of Judgment Slander Personal Injury ’ 820 Copyrights ’ 460 Deportation’ 151 Medicare Act ’ 330 Federal Employers’ Product Liability ’ 830 Patent ’ 470 Racketeer Influenced and’ 152 Recovery of Defaulted Liability ’ 368 Asbestos Personal ’ 840 Trademark Corrupt Organizations
Student Loans ’ 340 Marine Injury Product ’ 480 Consumer Credit (Excludes Veterans) ’ 345 Marine Product Liability LABOR SOCIAL SECURITY ’ 490 Cable/Sat TV
’ 153 Recovery of Overpayment Liability PERSONAL PROPERTY ’ 710 Fair Labor Standards ’ 861 HIA (1395ff) ’ 850 Securities/Commodities/ of Veteran’s Benefits ’ 350 Motor Vehicle ’ 370 Other Fraud Act ’ 862 Black Lung (923) Exchange
’ 160 Stockholders’ Suits ’ 355 Motor Vehicle ’ 371 Truth in Lending ’ 720 Labor/Management ’ 863 DIWC/DIWW (405(g)) ’ 890 Other Statutory Actions’ 190 Other Contract Product Liability ’ 380 Other Personal Relations ’ 864 SSID Title XVI ’ 891 Agricultural Acts’ 195 Contract Product Liability ’ 360 Other Personal Property Damage ’ 740 Railway Labor Act ’ 865 RSI (405(g)) ’ 893 Environmental Matters’ 196 Franchise Injury ’ 385 Property Damage ’ 751 Family and Medical ’ 895 Freedom of Information
’ 362 Personal Injury - Product Liability Leave Act Act Medical Malpractice ’ 790 Other Labor Litigation ’ 896 Arbitration
REAL PROPERTY CIVIL RIGHTS PRISONER PETITIONS ’ 791 Employee Retirement FEDERAL TAX SUITS ’ 899 Administrative Procedure’ 210 Land Condemnation ’ 440 Other Civil Rights Habeas Corpus: Income Security Act ’ 870 Taxes (U.S. Plaintiff Act/Review or Appeal of ’ 220 Foreclosure ’ 441 Voting ’ 463 Alien Detainee or Defendant) Agency Decision’ 230 Rent Lease & Ejectment ’ 442 Employment ’ 510 Motions to Vacate ’ 871 IRS—Third Party ’ 950 Constitutionality of’ 240 Torts to Land ’ 443 Housing/ Sentence 26 USC 7609 State Statutes’ 245 Tort Product Liability Accommodations ’ 530 General’ 290 All Other Real Property ’ 445 Amer. w/Disabilities - ’ 535 Death Penalty IMMIGRATION
Employment Other: ’ 462 Naturalization Application’ 446 Amer. w/Disabilities - ’ 540 Mandamus & Other ’ 465 Other Immigration
Other ’ 550 Civil Rights Actions’ 448 Education ’ 555 Prison Condition
’ 560 Civil Detainee - Conditions of Confinement
V. ORIGIN (Place an “X” in One Box Only)
’ 1 OriginalProceeding
’ 2 Removed fromState Court
’ 3 Remanded fromAppellate Court
’ 4 Reinstated orReopened
’ 5 Transferred fromAnother District(specify)
’ 6 MultidistrictLitigation
VI. CAUSE OF ACTION
Cite the U.S. Civil Statute under which you are filing (Do not cite jurisdictional statutes unless diversity): Brief description of cause:
VII. REQUESTED IN COMPLAINT:
’ CHECK IF THIS IS A CLASS ACTIONUNDER RULE 23, F.R.Cv.P.
DEMAND $ CHECK YES only if demanded in complaint:JURY DEMAND: ’ Yes ’ No
VIII. RELATED CASE(S) IF ANY (See instructions):
JUDGE DOCKET NUMBERDATE SIGNATURE OF ATTORNEY OF RECORD
FOR OFFICE USE ONLY
RECEIPT # AMOUNT APPLYING IFP JUDGE MAG. JUDGE
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1-1 filed 08/20/15 page 1 of 2
JS 44 Reverse (Rev. 12/12)
INSTRUCTIONS FOR ATTORNEYS COMPLETING CIVIL COVER SHEET FORM JS 44
Authority For Civil Cover Sheet
The JS 44 civil cover sheet and the information contained herein neither replaces nor supplements the filings and service of pleading or other papers asrequired by law, except as provided by local rules of court. This form, approved by the Judicial Conference of the United States in September 1974, isrequired for the use of the Clerk of Court for the purpose of initiating the civil docket sheet. Consequently, a civil cover sheet is submitted to the Clerk ofCourt for each civil complaint filed. The attorney filing a case should complete the form as follows:
I.(a) Plaintiffs-Defendants. Enter names (last, first, middle initial) of plaintiff and defendant. If the plaintiff or defendant is a government agency, use only the full name or standard abbreviations. If the plaintiff or defendant is an official within a government agency, identify first the agency and then the official, giving both name and title.
(b) County of Residence. For each civil case filed, except U.S. plaintiff cases, enter the name of the county where the first listed plaintiff resides at the time of filing. In U.S. plaintiff cases, enter the name of the county in which the first listed defendant resides at the time of filing. (NOTE: In land condemnation cases, the county of residence of the "defendant" is the location of the tract of land involved.)
(c) Attorneys. Enter the firm name, address, telephone number, and attorney of record. If there are several attorneys, list them on an attachment, notingin this section "(see attachment)".
II. Jurisdiction. The basis of jurisdiction is set forth under Rule 8(a), F.R.Cv.P., which requires that jurisdictions be shown in pleadings. Place an "X" in one of the boxes. If there is more than one basis of jurisdiction, precedence is given in the order shown below.United States plaintiff. (1) Jurisdiction based on 28 U.S.C. 1345 and 1348. Suits by agencies and officers of the United States are included here.United States defendant. (2) When the plaintiff is suing the United States, its officers or agencies, place an "X" in this box.Federal question. (3) This refers to suits under 28 U.S.C. 1331, where jurisdiction arises under the Constitution of the United States, an amendment to the Constitution, an act of Congress or a treaty of the United States. In cases where the U.S. is a party, the U.S. plaintiff or defendant code takes precedence, and box 1 or 2 should be marked.Diversity of citizenship. (4) This refers to suits under 28 U.S.C. 1332, where parties are citizens of different states. When Box 4 is checked, the citizenship of the different parties must be checked. (See Section III below; NOTE: federal question actions take precedence over diversity cases.)
III. Residence (citizenship) of Principal Parties. This section of the JS 44 is to be completed if diversity of citizenship was indicated above. Mark thissection for each principal party.
IV. Nature of Suit. Place an "X" in the appropriate box. If the nature of suit cannot be determined, be sure the cause of action, in Section VI below, is sufficient to enable the deputy clerk or the statistical clerk(s) in the Administrative Office to determine the nature of suit. If the cause fits more than one nature of suit, select the most definitive.
V. Origin. Place an "X" in one of the six boxes.Original Proceedings. (1) Cases which originate in the United States district courts.Removed from State Court. (2) Proceedings initiated in state courts may be removed to the district courts under Title 28 U.S.C., Section 1441. When the petition for removal is granted, check this box.Remanded from Appellate Court. (3) Check this box for cases remanded to the district court for further action. Use the date of remand as the filing date.Reinstated or Reopened. (4) Check this box for cases reinstated or reopened in the district court. Use the reopening date as the filing date.Transferred from Another District. (5) For cases transferred under Title 28 U.S.C. Section 1404(a). Do not use this for within district transfers or multidistrict litigation transfers.Multidistrict Litigation. (6) Check this box when a multidistrict case is transferred into the district under authority of Title 28 U.S.C. Section 1407. When this box is checked, do not check (5) above.
VI. Cause of Action. Report the civil statute directly related to the cause of action and give a brief description of the cause. Do not cite jurisdictional statutes unless diversity. Example: U.S. Civil Statute: 47 USC 553 Brief Description: Unauthorized reception of cable service
VII. Requested in Complaint. Class Action. Place an "X" in this box if you are filing a class action under Rule 23, F.R.Cv.P.Demand. In this space enter the actual dollar amount being demanded or indicate other demand, such as a preliminary injunction.Jury Demand. Check the appropriate box to indicate whether or not a jury is being demanded.
VIII. Related Cases. This section of the JS 44 is used to reference related pending cases, if any. If there are related pending cases, insert the docket numbers and the corresponding judge names for such cases.
Date and Attorney Signature. Date and sign the civil cover sheet.
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1-1 filed 08/20/15 page 2 of 2
United States District Court FOR THE NORTHERN DISTRICT OF INDIANA
Fort Wayne Division
Floyd Harris, on behalf of himself and all )
others similarly situated, )
)
Plaintiff, )
)
vs. ) Cause No: 1:15-cv-00225
)
Medical Informatics Engineering, Inc., )
)
Defendant. )
SUMMONS IN A CIVIL ACTION
TO: (Defendants’ names and addresses)
Medical Informatics Engineering, Inc.
c/o Douglas Horner, Registered Agent
6302 Constitution Drive
Fort Wayne, IN 46804
A lawsuit has been filed against you. Within 21 days after service of this summons on you (not counting
the day you received it) C or 60 days if you are the United States or a United States agency, or an officer or
employee of the United States described in Fed. R. Civ. P. 12 (a)(2) or (3) C you must serve on the plaintiff an
answer to the attached complaint or a motion under Rule 12 of the Federal Rules of Civil Procedure. The answer
or motion must be served on the plaintiff or plaintiff=s attorney, whose name and address are:
Irwin B. Levin
Richard E. Shevitz
Vess A. Miller
Lynn A. Toops
COHEN & MALAD LLP
One Indiana Square, Suite 1400
Indianapolis, IN 46204
If you fail to respond, judgment by default will be entered against you for the relief demanded in the
complaint. You also must file your answer or motion with the court.
CLERK OF COURT
Date: _______________________________________
Signature of Clerk or Deputy Clerk
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1-2 filed 08/20/15 page 1 of 2
Civil Summons (Page 2)
Civil Action Number: __________________________
PROOF OF SERVICE (this section should not be filed with the court unless required by Fed. R. Civ. P. 4(l))
This summons for (name of individual and title, if any) ______________________________________
was received by me on (date)__________________.
I personally served the summons on the individual at (place) __________________________________
________________________________________________ on (date) __________________; or
I left the summons at the individual’s residence or usual place of abode with (name)________________
_____________________________________, a person of suitable age and discretion who resides there,
on (date) __________________, and mailed a copy to the individual’s last known address; or
I served the summons on (name of individual) ________________________________________, who is
designated by law to accept service of process on behalf of (name of organization) _________________
________________________________________on (date) __________________; or
I returned the summons unexecuted because _____________________________________________; or
Other (specify):
My fees are $ _____________for travel and $_______________for services, for a total of $_______________.
I declare under penalty of perjury that this information is true.
Date: ____________________ __________________________________________________
Server’s Signature
__________________________________________________
Printed name and title
__________________________________________________
Server’s address
Additional information regarding attempted service, etc.
USDC IN/ND case 1:15-cv-00225-RLM-SLC document 1-2 filed 08/20/15 page 2 of 2