Tierney v. Advocate Health & Hosp. Corp., No. 14-3168 (7th Cir. 2015)
Annotate this Case
Justia Opinion Summary
Want to stay in the know about new opinions from the Seventh Circuit U.S. Court of Appeals ?
Sign up for free summaries delivered directly to your inbox. Learn More ›
You already receive new opinion summaries from Seventh Circuit U.S. Court of Appeals . Did you know we offer summary newsletters for even more practice areas and jurisdictions? Explore them here.
Burglars stole four desktop computers from Advocate Health and Hospitals Corporation’s Illinois administrative offices. The computers contained unencrypted private data relating to approximately four million Advocate patients. Six of those patients brought a putative class action alleging that Advocate did too little to safeguard their information, asserting claims for willful and negligent violations of the Fair Credit Reporting Act, 15 U.S.C. 1681. The district court dismissed the FCRA claims for failure to state a claim. It also found that four of the plaintiffs lacked standing to sue because their injuries were too speculative; the thieves had stolen their information but had not yet misused it. The Seventh Circuit affirmed. Using information internally does not count as “furnishing … to third parties,” so the Act’s reasonable‐procedures provision did not apply, and the FCRA claims were properly dismissed.
Download PDF
In the United States Court of Appeals For the Seventh Circuit ____________________ No. 14 3168 ERICA TIERNEY, ANDRIS STRAUTINS, NATALIE ROBLES, JEFFREY BENKLER, ERICK D. OLIVER, and LILI ROBINSON, individually and on behalf of all others similarly situated, Plaintiffs Appellants, v. ADVOCATE HEALTH AND HOSPITALS CORPORATION, Defendant Appellee. ____________________ Appeal from the United States District Court for the Northern District of Illinois, Eastern Division. No. 13 CV 6237 — Charles R. Norgle, Judge. ____________________ ARGUED MARCH 31, 2015 — DECIDED AUGUST 10, 2015 ____________________ Before KANNE and ROVNER, Circuit Judges, and SPRINGMANN, District Judge. The Honorable Theresa L. Springmann, of the United States District Court for the Northern District of Indiana, sitting by designation. 2 No. 14 3168 KANNE, Circuit Judge. In July 2013 burglars stole four desktop computers from one of Defendant Advocate Health and Hospitals Corporation’s administrative offices in Illinois. The computers contained unencrypted private data relating to approximately four million Advocate patients. Six of the affected patients brought this putative class action alleging that Advocate did too little to safeguard their information. The plaintiffs asserted claims for willful and negligent violations of the Fair Credit Reporting Act (the “Act” or “FCRA”), 15 U.S.C. § 1681, et seq., and state law claims for negligence and invasion of privacy. The district court dis missed the FCRA claims for failure to state a claim; it also found that four of the plaintiffs lacked standing to sue. Then, having dismissed the federal claims, the court relinquished supplemental jurisdiction over the remaining state law claims. See 28 U.S.C. § 1367(c)(3). The plaintiffs appeal the dismissal of their FCRA claims. Before turning to the merits, we briefly address the threshold issue of the plaintiffs’ standing to sue under Arti cle III of the U.S. Constitution. The district court raised this issue sua sponte because it potentially affects our jurisdiction. See Rhodes v. Johnson, 153 F.3d 785, 787 (7th Cir. 1998). The court concluded that two of the plaintiffs, Benkler and Oli ver, had sufficiently concrete, particularized, and impending injuries to confer standing: the thieves attempted to use the stolen information to access Benkler’s bank accounts and to open a cell phone account in Oliver’s name. Benkler and Oli ver’s standing to sue is uncontested, and we agree with the district court’s conclusion. See Remijas v. Neiman Marcus Grp., LLC, No. 14–3122, 2015 WL 4394814, at *3–5 (7th Cir. July 20, No. 14 3168 3 2015) (finding standing in similar circumstances), petition for reh’g en banc filed (Aug. 3, 2015). The district court concluded that the four other plaintiffs, however, lacked standing because their injuries were too speculative: the thieves had stolen their information but had not yet misused it. Advocate claims that conclusion was cor rect; the plaintiffs say it was wrong. There is no need to re solve this dispute because “[w]here at least one plaintiff has standing, jurisdiction is secure and the court will adjudicate the case whether the additional plaintiffs have standing or not.” Ezell v. City of Chicago, 651 F.3d 684, 696 n.7 (7th Cir. 2011). Our jurisdiction is secure. Now to the merits. We review de novo a district court’s dismissal under Federal Rule of Civil Procedure 12(b)(6). Meade v. Moraine Valley Cmty. Coll., 770 F.3d 680, 684 (7th Cir. 2014). To survive dismissal, the complaint must allege suffi cient facts to state a claim to relief that is plausible on its face. Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). We accept the plaintiffs’ well pled facts as true and construe rea sonable inferences in their favor. Thulin v. Shopko Stores Oper ating Co., 771 F.3d 994, 997 (7th Cir. 2014). But “allegations in the form of legal conclusions are insufficient.” McReynolds v. Merrill Lynch & Co., 694 F.3d 873, 885 (7th Cir. 2012) (citing Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009)). So are “[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements.” Adams v. City of Indianapolis, 742 F.3d 720, 728 (7th Cir. 2014) (quoting Iqbal, 556 U.S. at 678). The Act requires every “consumer reporting agency” to “maintain reasonable procedures” to ensure that it does not “furnish[] … consumer reports” to unauthorized third par 4 No. 14 3168 ties or for impermissible purposes. 15 U.S.C. § 1681e(a). The plaintiffs allege that Advocate did not maintain reasonable procedures and thereby exposed their private information to the thieves. They seek various forms of relief, including stat utory damages, which the Act makes available for willful violations even without a showing of actual damages. See id. § 1681n(a); Killingsworth v. HSBC Bank Nev., N.A., 507 F.3d 614, 622 (7th Cir. 2007). But the plaintiffs must plausibly allege that the reasona ble procedures provision applies in the first place, which in cludes, for a start, properly pleading that Advocate is a “consumer reporting agency.” The Act defines that term, in relevant part, to mean: any person which, [1] for monetary fees, dues, or on a cooperative nonprofit basis, [2] regularly en gages in whole or in part in the practice of assem bling or evaluating consumer credit information or other information on consumers [3] for the purpose of furnishing consumer reports to third parties … . 15 U.S.C. § 1681a(f) (numbering added). The complaint al leges that “Advocate is a Consumer Reporting Agency” be cause it “assembl[es] information on consumers” on a “co operative nonprofit basis and/or for monetary fees” for the “purpose of furnishing Consumer Reports to third parties.” But these are merely conclusory allegations—a “threadbare recital” of the statutory elements. Adams, 742 F.3d at 728. On their own, they are insufficient under Twombly and Iqbal. The complaint’s other, more detailed allegations fall short too. The plaintiffs do successfully plead the second prong of the statutory definition: the complaint states that Advocate regularly assembles its patients’ personal and medical in No. 14 3168 5 formation—including, e.g., names, dates of birth, social se curity numbers, medical diagnoses, and health insurance in formation. But the complaint does not satisfy the definition’s first prong because Advocate does not assemble this information “for monetary fees.” 15 U.S.C. § 1681a(f) (emphasis added). The complaint does allege that Advocate transmits patient information to insurance companies and government agen cies (such as Medicare, presumably) in order to get paid. But the payments Advocate receives are—in the complaint’s own words—“for health care services that its physicians have ren dered” (emphasis added). Advocate is not getting paid for assembling patient information. After all, that is not its busi ness. Advocate is, as the complaint acknowledges, a “net work of affiliated doctors and hospitals that treat patients”— not a credit or consumer reporting company. The complaint alleges that Advocate’s patient infor mation serves other purposes as well. The insurance compa nies and government agencies allegedly use it to determine eligibility and pricing for health services and to set rates for a variety of insurance products. But, again, none of that shows that Advocate receives fees in exchange for compiling and transmitting patient information. The plaintiffs’ allegations also fail the third prong of the statutory definition. To qualify as a “consumer reporting agency,” Advocate must assemble consumer information “for the purpose of furnishing consumer reports to third par ties.” 15 U.S.C. § 1681a(f) (emphasis added). A consumer re port includes any communication “bearing on a consumer’s credit worthiness” which is used to establish the consumer’s eligibility for credit, insurance, or other listed purposes. Id. 6 No. 14 3168 § 1681a(d)(1). But the Act expressly excludes from this defi nition any “report containing information solely as to trans actions or experiences between the consumer and the person making the report.” Id. § 1681a(d)(2)(A)(i). Advocate does not meet this definition. The information it transmits to insurers is obviously sent to third parties, and it arguably is used to determine eligibility for insurance cov erage. But the information concerns Advocate’s experiences with its own patients, including, e.g., personally identifying information, medical diagnoses, and the names of treating physicians. It thus falls within the exclusion. See DiGianni v. Stern’s, 26 F.3d 346, 349 (2d Cir. 1994) (per curiam). We have found the Act inapplicable in analogous circum stances. In Frederick v. Marquette National Bank, for example, the plaintiff contracted to buy a condominium from Mar quette National Bank. Marquette asked Frederick for per mission to obtain her credit report; when she refused, Mar quette ordered it anyway. 911 F.2d 1, 1 (7th Cir. 1990). She sued for alleged violations of the Act. We held that “[t]he statute is not even potentially applicable” because Marquette was a bank, not a consumer reporting agency. Id. at 2. More over, we found the plaintiff’s claims not only wrong, but frivolous. Id. (“When a statute expressly confines liability to X’s and the defendant is a Y, the suit is frivolous.”). We reiterated the point in a different context in Mirfasihi v. Fleet Mortgage Corporation, 551 F.3d 682 (7th Cir. 2008). There, the plaintiffs, as a class, sued Fleet Mortgage Corpora tion for having transmitted their personal financial infor mation to telemarketing companies, allegedly in violation of the Act. The district court approved a settlement that placed no value on the FCRA claim. Id. at 684. (The plaintiffs also No. 14 3168 7 brought other claims that did have value, but they do not concern us here.) We affirmed, holding that the claim (in ad dition to having been forfeited) “has no possible merit, and in fact is frivolous.” Id. at 686. Fleet, we observed, “is not a consumer reporting agency—it is a bank.” Id. (citing Freder ick, 911 F.2d at 2). Similarly, the Second Circuit concluded in DiGianni that the term “consumer reporting agency” did not include retail department stores that merely received and transmitted in formation about their own customers. 26 F.3d at 348–49. The Eleventh Circuit reached the same conclusion in Rush v. Ma cy’s New York, Inc., where defendant Macy’s “did no more than furnish information to a credit reporting agency.” 775 F.2d 1554, 1557 (11th Cir. 1985). The Act itself expressly dis tinguishes between companies that furnish information about their own customers (or patients, etc.) and those that get paid to assemble, evaluate, and report credit related in formation. See 15 U.S.C. § 1681s 2.1 Advocate falls on the first side of that line. Nevertheless, the plaintiffs take another shot at fitting Advocate within the definition of “consumer reporting agency.” In an effort to meet the first prong of the definition, they claim that Advocate assembles and shares its patients’ data “on a cooperative nonprofit basis,” even if not for fees. 15 U.S.C. § 1681a(f) (emphasis added). Specifically, the com plaint alleges that “Advocate, through Advocate Physician Partners, collects, manages, and shares a multitude of patient 1 Section § 1681s 2 does place certain obligations on those who furnish information to consumer reporting agencies. But the plaintiffs do not allege that Advocate violated those obligations. 8 No. 14 3168 information … in a variety of ways.” It then lists several ex amples: programs to improve health care quality and effi ciency; a Medicare savings program; a “shared savings con tract with its biggest commercial insurance partner”; and the hiring of “outpatient care managers.”2 There is no allegation that these programs involve cooperative sharing of infor mation with third parties. Judging by the allegations, these are internal Advocate programs, with the possible exception of the insurance contract. Nor is there any claim that these programs operate on a non profit basis. Even drawing rea sonable inferences in the plaintiffs’ favor, we think these al legations are too thin. Moreover, the allegations do not meet the definition’s third prong. Using information internally does not count as “furnishing … to third parties.” 15 U.S.C. § 1681a(f). And there is no claim that Advocate shares the information so that the recipient can make determinations of credit or in surance eligibility. In other words, Advocate is not providing “consumer reports.” See id. § 1681a(d)(1). For these reasons, we conclude that the plaintiffs did not plausibly allege that Advocate is a consumer reporting agen cy. Therefore, the Act’s reasonable procedures provision does not apply, and the FCRA claims were properly dis missed. Our conclusion does not confine the Act’s reach to the na tion’s three major credit bureaus, as the plaintiffs suggest. Other entities outside that mold may act in ways that satisfy 2 The complaint cites a description of these programs available at http://www.advocatehealth.com/documents/app/2013ValueReport Complete.pdf (last visited Aug. 6, 2015). No. 14 3168 9 the statutory definition of “consumer reporting agency.” See, e.g., Adams v. Nat’l Eng’g Serv. Corp., 620 F. Supp. 2d 319, 328 (D. Conn. 2009) (holding that a staffing agency was a con sumer reporting agency because it prepared and furnished background investigation reports for a fee). That, however, is not what Advocate allegedly did here. We need not address Advocate’s other statutory de fense—that it did not “furnish” any information to the thieves. Nor do we need to decide whether the plaintiffs suf ficiently pled their claims for willful and negligent FCRA vi olations under 15 U.S.C. §§ 1681n and 1681o. The judgment of the district court is AFFIRMED.
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
