Terrell v. Main Line Health, Inc., 320 F. Supp. 3d 644

R. BARCLAY SURRICK, DISTRICT JUDGE

Presently before the Court is Defendants' Motion for Summary Judgment. (ECF No. 17.) For the following reasons, Defendant's Motion will be granted.

I. INTRODUCTION

This employment discrimination case arises from Plaintiff Gloria Terrell's allegations that her employer, Defendant Main Line Hospitals, Inc. ("MLHI")¹ terminated her employment as an operating room ("OR") secretary at Lankenau Hospital ("Lankenau") based on her age. Plaintiff's Complaint alleges that MLHI terminated her in violation of the Age Discrimination in Employment Act ("ADEA"), 29 U.S.C. §§ 621 - 634, and the Pennsylvania Human Relations Act ("PHRA"), 43 Pa. Stat. & Cons. Stat. Ann. §§ 951-963. (Compl., ECF No. 1.) Defendants contend that Plaintiff was terminated for a legitimate, nondiscriminatory reason, specifically, because she twice accessed information regarding a co-worker, in violation of MLHI's policies relating to patient privacy and in violation of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").² Because Plaintiff has failed to raise a triable issue of fact as to whether the proffered reason for her termination was pretextual, Defendants are entitled to summary judgment.

II. BACKGROUND

A. Factual Background³

1. Plaintiff's Position And Responsibilities

Plaintiff was born in 1955 and began her employment at Lankenau in 1974 as a nurse's aide. (CSMF ¶¶ 1, 3, 4.) Plaintiff subsequently became an Instrument Room Technician and then an OR secretary, the position that she held for more than thirty-five years until her termination in 2016. (Id. ¶¶ 4, 6.) At the time of the events relevant to this lawsuit, there were two other OR secretaries at Lankenau, Barbara Hawkins and Linda Robinson. (Id. ¶¶ 5, 6.) Hawkins had worked as an OR

secretary for more than ten years, and Robinson had worked in the OR for approximately six months. (Id. ¶ 8.) As an OR secretary, Plaintiff's duties included setting up the OR schedule, calling for patients, sending for blood and medications, patient billing, maintaining office supplies, setting up patient charts, and ordering staff uniforms. (Id. ¶ 7.) Plaintiff also was responsible for training Robinson, who described Plaintiff as very well informed about the OR secretary position. (Id. ¶¶ 9, 10; Robinson Dep. 12, SMF Ex. G and CSMF Ex. 4.)⁴ Plaintiff and the other OR secretaries self-scheduled with respect to arranging coverage among themselves if one of them was unable to work a scheduled shift. (CSMF ¶ 37.)

OR secretaries use a system called "SIS" to electronically schedule surgeries. (CSMF ¶ 12.) They can also access patient demographics-such as name, date of birth, social security number, phone number, emergency contact information, and insurance information-through an electronic database called "Invision," but they cannot access medical charts. (Id. ¶¶ 25-27; SMF ¶ 4.) During the time period relevant to this action, Plaintiff and the other OR secretaries were supervised by Administrative Coordinator Andrea Ledford and Nurse Manager Annette Frawley. (CSMF ¶¶ 48, 16.)

2. MLHI's Privacy And Disciplinary Policies

MLHI is subject to the regulations promulgated pursuant to HIPAA to protect the privacy, security, and confidentiality of health information. (SMF ¶ 5.) MLHI has implemented a number of policies and employee training programs related to the protection of confidential information and the disciplinary consequences of confidentiality violations. (SMF Exs. J, K, L, M, Q, R, S; CSMF Ex. 8.) For example, MLHI's Confidentiality Policy provides, in relevant part:

[A]ll employees ... are required to maintain the confidentiality of all privileged information. Privileged information consists of, but is not limited to, data that can be communicated verbally, electronically, or in hard copy regarding the following:

1. Patient information (e.g., diagnosis, content of medical records)

* * *

3. Employee information (e.g., salary, demographics)

(SMF ¶ 5, Ex. J.) The accompanying Confidentiality Statement requires employees to agree that they "will only access information on patients/employees about whom I have a business need to know." (SMF Ex. J.) The Statement also includes an employee acknowledgement that "any unauthorized access to, use of or disclosure of privileged information or any other confidential information concerning a current or past patient or employee ... may result in immediate discharge from employment with [MLH]." (Id. )

MLHI requires employees to undertake annual HIPAA compliance training and testing. (Id. ¶ 8.) MLHI's Compliance Program materials define Protected Health Information ("PHI") as "any information that is identifiable to a patient," including, name, address, email address, date of birth, and insurance and other financial information. (CSMF ¶ 42, Ex. 8.) The materials state that patients must authorize the disclosure of their PHI unless it is needed for treating the patient, for payment for treating the patient, or for health care operations. (Id. ¶ 43, Ex. 8.) Employees are also instructed that they must "[a]ccess only the information you need to do your job," and "[u]se the information to perform your job only." (Id. Ex. 8.) The training states that employees have the same HIPAA privacy rights as other patients. (SMF ¶ 10.)

Plaintiff participated in HIPAA training annually while employed by MLHI. (Id. ¶ 9.) Although Plaintiff undertook the training, she testified that she felt rushed to complete it during her work day, and she would sometimes skip ahead to the test without fully reading through the preceding materials.⁵ (Terrell Dep. 113-16, 132-33, 137-38, SMF Ex. A and CSMF Ex. 1.) When she answered test questions incorrectly, she would then go back and review the related training material more carefully. (Id. ) However, Plaintiff understood that she was only permitted to access patient information as needed to perform her job. (Terrell Dep. 125-126; SMF ¶ 11; Pl.'s Resp. to SMF ¶ 11.)

In April 2016, MLHI implemented a privacy monitoring system called "Fair Warning." (SMF ¶ 13.) Using algorithms, Fair Warning monitors and analyzes instances of access to patient records to identify any that lack a legitimate business purpose. (Id. ¶ 14.) When Fair Warning detects a potentially suspect instance of employee access to patient records, it sends an email to the employee's manager to determine whether there was a legitimate business need for the access. (Id. ¶ 15; CSMF ¶ 47.) If the manager does not identify a legitimate business need, the matter is referred to MLHI's Human Resources ("HR") department for investigation. (Id. ¶ 16.)

MLHI's Code of Conduct and Behaviors that Undermine a Culture of Safety ("Code of Conduct") provides examples of conduct that can lead to disciplinary action, including termination. (SMF Ex. K.) These include: "[u]nauthorized release/disclosure/access of confidential information," "[u]nauthorized and/or non-business related access, use or disclosure of electronic protected health information," and "[u]nauthorized and/or inappropriate use of MLH information system resources." (Id. ) The Code of Conduct further provides that violations "will lead to Performance Management action, up to and including termination of employment." (Id. )

MLHI's Performance Management Policy generally provides four color-coded levels of discipline: (1) performance expectations review (blue); (2) performance coaching (yellow); (3) corrective intervention (orange), and (4) termination (red). (SMF Ex. Q.) The policy directs managers to intervene "early in the development of [a] performance and/or behavioral concern to help the employee recognize and correct the deficiencies," but notes that "[t]here may be circumstances ... in which immediate termination ... is warranted." (Id. ) Under this policy, circumstances warranting termination include "[w]hen the issue is serious in nature," and "[w]hen the issue is either an egregious first time occurrence or a repeat occurrence of a behavioral or code of conduct violation." (Id.)

MLHI also has specific disciplinary guidelines for HIPAA/privacy violations.

(Employee Sanction Guidelines for HIPAA/Security Violations ("HIPAA Sanction Guidelines"). (SMF Ex. R.) The HIPAA Sanction Guidelines divide violations into four categories, each with mitigating and contributing factors and possible sanctions. (Id. ) The four categories are:

(1) accidental or inadvertent violation;

(2) failure to follow established privacy/security policies and procedures;

(3) deliberate or purposeful violation without harmful intent; and

(4) disclosure or use of PHI for illegal purpose or unauthorized public disclosure of PHI.

(Id. ) Examples of category 3 violations include "[a]ccessing PHI outside the scope of job duties (to compare coworker workloads, learn about clinical operations)" and "[c]hecking on a coworker, family member or neighbor." (Id. ) The possible sanctions for a category 3 violation are orange (corrective action) or red (termination).⁶ (Id. ; CSMF ¶ 86.)

Lankenau employees who violate HIPAA are not automatically terminated, and the level of discipline imposed depends upon the facts and circumstances of each case. (CSMF ¶ 92; Papa Dep. 11, SMF Ex. B and CSMF Ex. 2.) Lankenau's HR Director, Greg Papa, testified that the performance management program "is not meant to be progressive. It's meant to assign the performance management action that best fits the situation.... [I]f someone's act is egregious, we could go right to termination, or if it's deliberate or some other circumstance." (Papa Dep. 60-61.)

3. Circumstances Of Plaintiff's Termination

MLHI terminated Plaintiff after the second of two instances in which she used the Invision system to access the phone number of her co-worker, Hawkins. (CSMF ¶¶ 13-24, 33-38, 52-70.) The first instance occurred on the morning of Monday, August 15, 2016, when Plaintiff and Robinson were the OR secretaries on duty. (Id. ¶¶ 13, 15.) The OR was particularly busy that morning, and the SIS system was not working, which required Plaintiff and Robinson to manually organize cases and schedule surgeries. (Id. ¶¶ 13-14, 16.) Hawkins was scheduled to work later in the day, but because she had called out of work at the end of the previous week, Plaintiff, Robinson, and their supervisor, Ledford, were unsure whether Hawkins would be in for her shift. (Id. ¶ 17.) Even though it was Plaintiff's birthday, she volunteered to cover Hawkins' shift if she wasn't coming in. (Id. ¶ 18.)

Ledford asked Plaintiff to find out if Hawkins was coming in, and Plaintiff looked unsuccessfully for the OR employee phone list that was normally kept on a clipboard in the unit. (Id. ¶¶ 19-23.) When Plaintiff could not find the phone list, she obtained Hawkins' phone number from Invision. (Id. ¶ 24.) According to Plaintiff, she told Ledford she had used Invision to get Hawkins' number, and Ledford said "okay."⁷ (Id. ¶ 28.) According to Plaintiff, the scheduling problems and volume in the OR that day prevented her from calling Hawkins before 11 a.m., the time by which Hawkins was required to call out if she were not coming to work. (Id. ¶¶ 31-32.) Because Hawkins was conscientious about timely calling out and she had not done so by 11 a.m., Plaintiff assumed Hawkins would be in and did not call her. (Id. ¶ 32; SMF ¶ 34.)

The second instance occurred on August 22, 2016, after an orderly told Plaintiff and some OR colleagues that there had been an early morning shooting in an area that Plaintiff knew was near Hawkins' residence. (CSMF ¶¶ 33-34.) Plaintiff wanted to call Hawkins to see if she was okay and able to come in for her shift, and, because the phone list was still missing, she again looked up Hawkins' number in Invision. (Id. ¶¶ 35-36.) Plaintiff then considered that Hawkins might be sleeping and decided not to call her. (Id. ¶ 38.) It is undisputed that Plaintiff did not save Hawkins' phone number or disclose it to anyone. (Id. ¶ 41.)

Approximately six months before these incidents, Plaintiff had completed computer-based training, followed by a test, regarding information security awareness. (SMF ¶¶ 11-12; Pl.'s Resp. to SMF ¶¶ 11-12.) The training explained that MLHI is a HIPAA-covered entity, that it requires the protection of PHI, and that patient data is only to be accessed for a business-related reason. (SMF ¶ 11; Pl.'s Resp. to SMF ¶ 11.) Plaintiff believes that she had a business reason for accessing Hawkins' record on both occasions, because she wanted to determine if Hawkins would be coming in for her shift. (Terrell Dep. 168; SMF ¶¶ 73-74; CSMF ¶ 88.)

The Fair Warning system flagged Plaintiff's August 15, 2016 access of Hawkins' Invision record and sent an email to Frawley asking whether Plaintiff had a work-related reason for the access. (CSMF ¶¶ 52-53; SMF ¶ 41.) On August 25, 2016, Frawley replied "No!!!!". (SMF ¶ 42.) After receiving the Fair Warning alert, Frawley notified Lankenau HR Manager Allison Bennett of the August 15 incident and advised Bennett that Plaintiff had no work-related reason for accessing Hawkins' records. (SMF ¶¶ 44-45.) Frawley later testified that because Hawkins had not been an inpatient and had not been in the OR, Frawley "knew that there was absolutely no reason that there would have been a need for [Plaintiff] to go into [Hawkins'] record." (Frawley Dep. 24-25, SMF Ex. F and CSFM Ex. 12.)

Bennett, Frawley, and perioperative nursing director Josetta Shaw began an investigation, and while it was ongoing, they learned that Plaintiff had accessed Hawkins' Invision records a second time, on August 22. (SMF ¶¶ 46-47.) On August 25, 2016, Bennett and Frawley met with Plaintiff, who admitted that she had accessed Hawkins' Invision records twice to get her phone number-the first time, to see if she was coming in for her shift; and the second time, to see if she was okay and able to come in for her shift. (Id. ¶ 48; Pl.'s Resp. to SMF ¶ 48.) Bennett and Papa also met with Hawkins to determine whether she had given Plaintiff permission to access her records. (SMF ¶ 52.) Frawley and Papa testified that Hawkins said she had not given Plaintiff permission to access her records and that Hawkins was upset about the access. (Id. ¶¶ 52-54.)

On August 30, 2016, Fair Warning sent Bennett a report categorizing Plaintiff's accessing of Hawkins' records as "snooping," describing the severity as "high," and stating that the incident was not reportable to the government. (Id. ¶ 57; CSMF ¶¶ 56-57.) Bennett met with Frawley and Shaw, both of whom recommended that Plaintiff be terminated. (SMF ¶ 59; CSMF ¶¶ 65-67.) Before a MLHI employee may be terminated, the HR Manager must submit a Situation, Background, Assessment, and Recommendation ("SBAR") report. (SMF ¶ 60.) Bennett prepared the SBAR, which recommended termination, and sent it to Papa for his consideration. (CSMF ¶¶ 67-68, Ex. 18.) Papa agreed with the recommendation, and Plaintiff was terminated on September 9, 2016. (SMF ¶ 62; CSMF ¶ 70.) Plaintiff's termination was also reviewed and approved by Lankenau's President and its Senior Vice President of Human Resources. (SMF ¶ 68.) Plaintiff was replaced by a 39-year-old woman hired from outside of MLHI. (CSMF ¶¶ 71, 73.)

Bennett prepared a Performance Management Record for Plaintiff's termination, which stated:

Gloria accessed co-workers medical record on two separate occasions. It was determined by her department manager and acknowledged by Gloria-there was no business need for her to access co-workers information. Under MLH's Fair Warning and HIPAA policy this is a gross violation of that policy.

(CSMF Ex. 19; SMF ¶ 69.) Bennett, Papa, and Frawley agreed that Plaintiff's violation fell within category 3 of the HIPAA Sanctions Guidelines: "Deliberate or purposeful violation without harmful intent."⁸ (CSMF ¶ 83; Papa Dep. 63-64; Frawley Dep. 36; Bennett Dep. 36-37, SMF Ex. C and CSMF Ex. 15.) According to Defendants, Plaintiff's accessing of Hawkins' records constituted the following types of improper conduct that can warrant termination:

19. Unauthorized release/disclosure/access of confidential information; and

40. Unauthorized and/or non-business related access, use or disclosure of electronic protected health information.

(Papa Dep. 58-59; SMF Ex. K; CSMF ¶ 87.) Defendants determined that Plaintiff's termination was warranted under MLHI's Performance Management Policy because "the issue [was] serious in nature," and "the issue [was] either an egregious first time occurrence or a repeat occurrence of a behavioral or code of conduct violation." (Papa Dep. 61-62; Bennett Dep. 35; SMF Ex. Q.)

Plaintiff filed an internal appeal of her termination. The termination was subsequently upheld by Lankenau's Vice President of Patient Services. (SMF ¶ 70, Ex. T.) In connection with this case, Plaintiff contends that she "witnessed other younger OR employees access demographic information of co-workers through Invision and not be disciplined, including OR Administrative Coordinator Josh Kirkpatrick sometime after 2015 (a phone number), and Mary Getty (an address)."⁹ (CSMF ¶ 89.) Plaintiff also claims that Robinson told her that she had used Invision to check the age of an employee. (Id. ¶ 90.) All three of these employees denied Plaintiff's allegations and the implication that they improperly accessed patient records.¹⁰ In addition, Defendants assert that they had no knowledge or notice of these alleged incidents, which were not identified through the Fair Warning monitoring system nor brought to the attention of the Human Resources Department by Terrell or any other source. (Defs.' Resp. to CSMF ¶¶ 89-90; Bennett Decl. ¶¶ 2, 3, CSMF Ex. A.)

4. Defendants' Handling Of Other HIPAA/Privacy Violations

As noted above, in April 2016, MLHI began using the Fair Warning system to electronically detect HIPAA/privacy violations. (SMF ¶ 13.) Prior to the implementation of Fair Warning, MLHI's tracking of HIPAA/privacy violations was primarily anecdotal and required manual review of electronic patient records. (Id. ¶ 80.)

Defendants' records reflect that since 2009, and excluding Plaintiff, nine individuals have been terminated from Lankenau for HIPAA violations. (SMF ¶¶ 82; CSMF Ex. 25.) Three of the terminations involved "co-worker snooping," in which the employee accessed a patient-co-worker's records in Invision or Smart Chart¹¹ without permission from the patient-employee. (SMF ¶¶ 82-83; CSMF ¶¶ 93-96, Ex. 25; Papa Dep. 34-38.) The individuals terminated for co-worker snooping, and their birth years are: "T.M."-1983; "R.C."-1956; and "M.K."-1968. (SMF ¶ 82; CSMF Ex. 25.) The other terminations involved "celebrity snooping." (SMF ¶¶ 82-83; Papa Dep. 31-34.) Two of the employees terminated for celebrity snooping were 40 years old or younger, and the other four ranged from 48 to 61 years old.¹² (SMF ¶¶ 82-83; Papa Dep. 31-34.)

Since Fair Warning was implemented, fourteen Lankenau employees have been disciplined, but not terminated, for HIPAA violations. (SMF ¶ 84.) Ten of those employees accessed a family member's records with the family member's permission; two accessed a co-worker's records with permission; one used a computer logged in under her supervisor's credentials to view her own records; and one failed to properly log out of her computer, which was then used by an unknown person to access a patient record. (SMF ¶¶ 84-85; CSMF ¶¶ 97-100, Ex. 25; Papa Dep. 16-31; Defs.' Resp. to CSMF Exs. D, E, F.) At least eight of the employees who were not terminated for HIPAA violations were age-protected under the ADEA.¹³ (SMF ¶ 84; CSMF Ex. 25.)

B. Procedural History

On or about February 17, 2017, Plaintiff dual-filed a complaint against Defendants with the Equal Opportunity Employment Commission ("EEOC") and the Pennsylvania Human Rights Commission ("PHRC"). (Compl. ¶ 14.) On July 12, 2017, Plaintiff filed her Complaint, alleging claims of age discrimination under the ADEA (Count I) and the PHRA (Count II). Defendants filed an Answer and Affirmative Defenses on September 8, 2017. (ECF No. 4.) Defendants filed the instant Motion on March 28, 2018. Plaintiff filed a Response in Opposition to the Motion on April 25, 2018. Defendants filed a Reply on May 14, 2018. (ECF No. 22.)

III. LEGAL STANDARD

Under Federal Rule of Civil Procedure 56(a), summary judgment is proper "if the movant shows that there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law." A dispute is "genuine" if there is a sufficient evidentiary basis on which a reasonable jury could return a verdict for the non-moving party. Kaucher v. Cty. of Bucks , 455 F.3d 418, 423 (3d Cir. 2006) (citing Anderson , 477 U.S. at 248, 106 S.Ct. 2505 ). "[A] factual dispute is material only if it might affect the outcome of the suit under governing law." Id. The court must view the evidence in the light most favorable to the non-moving party. Galena v. Leone, 638 F.3d 186, 196 (3d Cir. 2011). However, "unsupported assertions, conclusory allegations, or mere suspicions" are insufficient to overcome a motion for summary judgment. Schaar v. Lehigh Valley Health Servs., Inc. , 732 F.Supp.2d 490, 493 (E.D. Pa. 2010) (citing Williams v. Borough of W. Chester , 891 F.2d 458, 460 (3d Cir. 1989) ).

Where the nonmoving party bears the burden of proof at trial, the moving party may identify an absence of a genuine issue of material fact by showing the court that there is no evidence in the record supporting the nonmoving party's case. Celotex Corp. v. Catrett , 477 U.S. 317, 322, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986) ; UPMC Health Sys. v. Metro. Life Ins. Co. , 391 F.3d 497, 502 (3d Cir. 2004). If the moving party carries this initial burden, the nonmoving party must set forth specific facts showing that there is a genuine issue for trial. See Fed. R. Civ. P. 56(c) ("A party asserting that a fact ... is genuinely disputed must support the assertion by ... citing to particular parts of materials in the record...."); see also Matsushita Elec. Indus. Co. v. Zenith Radio Corp. , 475 U.S. 574, 586, 106 S.Ct. 1348, 89 L.Ed.2d 538 (1986) (noting that the nonmoving party "must do more than simply show that there is some metaphysical doubt as to the material facts"). "Where the record taken as a whole could not lead a rational trier of fact to find for the non-moving party, there is no 'genuine issue for trial.' " Matsushita , 475 U.S. at 587, 106 S.Ct. 1348 (citation omitted).

IV. DISCUSSION

The ADEA provides that "[i]t shall be unlawful for an employer ... to fail or refuse to hire or to discharge any individual or otherwise discriminate against any individual with respect to his compensation, terms, conditions, or privileges of employment, because of such individual's age."¹⁴ 29 U.S.C. § 623(a)(1). To succeed on an age discrimination claim based on disparate impact, a plaintiff must demonstrate that age "was the 'but-for' cause of the employer's adverse decision." Gross v. FBL Fin. Servs., Inc. , 557 U.S. 167, 176, 129 S.Ct. 2343, 174 L.Ed.2d 119 (2009). In age discrimination cases, it is not sufficient to simply show that age was "a motivating factor" in the adverse employment action. Id. Rather, a plaintiff must demonstrate that age was a determinative factor or "the 'but-for' cause of the employer's adverse decision." Id. ; see also Smith v. City of Allentown , 589 F.3d 684, 690-91 (3d Cir. 2009) (explaining that following Gross , an ADEA plaintiff must prove that age was the "but for" cause of the employer's adverse employment action). "Age discrimination may be established by direct or indirect evidence."¹⁵ Duffy v. Paper Magic Grp., Inc. , 265 F.3d 163, 167 (3d Cir. 2001) (citing Connors v. Chrysler Fin. Corp. , 160 F.3d 971, 972 (3d Cir. 1998) ). Regardless of the method of proof, "the plaintiff retains the burden of persuasion to establish that age was the 'but-for' cause of the employer's adverse action." Gross , 557 U.S. at 177, 129 S.Ct. 2343.

In a case such as this, where the Plaintiff has offered no direct evidence of age discrimination, we apply the familiar burden-shifting framework of McDonnell Douglas Corp. v. Green , 411 U.S. 792, 93 S.Ct. 1817, 36 L.Ed.2d 668 (1973). See, e.g., Smith , 589 F.3d at 689 ; Simpson v. Kay Jewelers , 142 F.3d 639, 643-44 (3d Cir. 1998). Under this framework, the initial burden of establishing a prima facie case rests with the plaintiff. McDonnell Douglas , 411 U.S. at 802, 93 S.Ct. 1817. If the plaintiff makes out a prima facie case, the burden shifts to the defendant to "articulate some legitimate, nondiscriminatory reason" for its adverse action. Id. If the defendant articulates such a reason, the burden shifts back to the plaintiff, who must then show by a preponderance of the evidence that the employer's proffered legitimate reason is pretextual. Id. at 804, 93 S.Ct. 1817.

A. Plaintiff's Prima Facie Case

To establish a prima facie case of discrimination in ADEA cases, the plaintiff must show: (1) that the plaintiff was forty years of age or older; (2) that the defendant took an adverse employment action against the plaintiff; (3) that the plaintiff was qualified for the position in question; and (4) that the plaintiff was ultimately replaced by another employee who was sufficiently younger to support an inference of discriminatory animus. Smith , 589 F.3d at 689-90 (citing Potence v. Hazleton Area Sch. Dist. , 357 F.3d 366, 370 (3d Cir. 2004) ). Plaintiff's burden at the prima facie stage is "not onerous." Simpson , 142 F.3d at 646 (citations omitted).

For purposes of this Motion, Defendants concede that Plaintiff has established a prima facie case of age discrimination. At the time of her termination, Plaintiff was in her sixties and was qualified for her position, which she had held for more than thirty-five years. Plaintiff's termination was unquestionably an adverse employment action, and her replacement was substantially younger than her.

B. Legitimate Nondiscriminatory Reason For Termination

At the second step of the McDonnell Douglas framework, the employer satisfies its "relatively light" burden of production by introducing evidence which, taken as true, would permit a conclusion that there was a nondiscriminatory reason for its employment decision. Fuentes v. Perskie , 32 F.3d 759, 763 (3d Cir. 1994). The employer need not prove that the proffered reason actually motivated the termination decision, because "throughout this burden-shifting paradigm the ultimate burden of proving intentional discrimination always rests with the plaintiff." Id.

Defendants have satisfied their burden here. Defendants assert that Plaintiff was terminated because-as MLHI contemporaneously documented-she violated its HIPAA and patient confidentiality policies by twice accessing a co-worker's protected records without a work-related need to do so. According to Defendants, Plaintiff's conduct violated HIPAA, MLHI's Confidentiality Policy, and its Code of Conduct, and her termination was warranted under the Code of Conduct and the HIPAA Sanction Guidelines. Defendants' proffered reason for terminating Plaintiff is legitimate and nondiscriminatory. See, e.g. , DeCicco v. Mid-Atlantic Healthcare, LLC , 275 F.Supp.3d 546, 555-56 (E.D. Pa. 2017) (noting that violation of internal company policies may constitute legitimate, nondiscriminatory reason for termination); Kopko v. Lehigh Valley Health Network , No. 14-1290, 2016 WL 6442062, at *7 (E.D. Pa. Oct. 31, 2016) (finding that violation of HIPAA policy constituted a legitimate and nondiscriminatory reason for termination); Garrow v. Wells Fargo Bank, N.A. , No. 15-1468, 2016 WL 5870858, at *6 (E.D. Pa. Oct. 7, 2016) ("Violating [employer company] policy is undoubtedly a legitimate and nondiscriminatory reason for termination."); see also Cosby v. Vicksburg Healthcare, LLC , No. 11-159, 2013 WL 2149705, at *8 (S.D. Miss. May 16, 2013) (finding that employer's reliance on HIPAA violation as reason for termination sufficiently negated the prima facie inference of discrimination); Teklehaimanot v. Park Ctr., Inc. , 804 F.Supp.2d 886, 909 (N.D. Ind. 2011) ("[E]mployer's] explanation that it terminated [employee] because she breached its confidentiality and HIPAA policies is a credible, legitimate, nondiscriminatory reason for her termination.").

Plaintiff argues that MLHI has not proffered a legitimate reason for her termination because, according to her, the Invision screen she accessed did not contain HIPAA-protected information, and even if the information she accessed were considered to be PHI, "employees may access such information when the information is needed for 'healthcare operations.' " (Pl.'s Opp. Br. 9; see also id. at 5 (stating that Plaintiff "did not access Protected Health Information under HIPAA".) We disagree. As a threshold matter, Plaintiff's narrow construction of PHI is at odds with the provisions of HIPAA and the related regulations. See 42 U.S.C. § 1320d(6) (defining "individually identifiable health information" to include "demographic information"); 45 C.F.R. § 164.514 (classifying telephone numbers as individually identifiable health information).

More fundamentally, Plaintiff's argument misconstrues Defendants' burden-and the issue before the Court-at this stage of the analysis. The issue is not whether Plaintiff's conduct was actually a HIPAA violation, but whether the actual or perceived HIPAA violation constitutes a legitimate, nondiscriminatory reason for Defendant's decision to terminate Plaintiff. As noted above, it does. See. e.g. , Capps v. Mondelez Global, LLC , 847 F.3d 144, 152 (3d Cir. 2017) (holding that where an employer provides evidence that the reason for an adverse employment action was its "honest belief" that the employee violated a company policy, "that is a legitimate, nondiscriminatory justification for the discharge"); Fuentes , 32 F.3d at 763 ("The employer satisfies its burden of production by introducing evidence which, taken as true, would permit the conclusion that there was a nondiscriminatory reason for the unfavorable employment decision.").

C. Pretext

At this final stage of the analysis, "the burden shifts back once more to the plaintiff to show, by a preponderance of the evidence, that the employer's proffered legitimate, nondiscriminatory reason was pretextual." Willis , 808 F.3d at 644. To meet this burden, a plaintiff must identify evidence from which a reasonable jury could either: "(1) disbelieve the employer's articulated legitimate reason; or (2) believe that an invidious discriminatory reason was more likely than not a motivating or determinative cause of the employer's action." Fuentes , 32 F.3d at 764.

To establish pretext under the first prong of Fuentes , the plaintiff must do more than "simply show that the employer's decision was wrong or mistaken, since the factual dispute at issue is whether discriminatory animus motivated the employer, not whether the employer is wise, shrewd, prudent, or competent." Id. at 765. Instead, Plaintiff "must demonstrate such weaknesses, implausibilities, inconsistencies, incoherencies, or contradictions in the employer's proffered legitimate reason[ ] for its action that a reasonable factfinder could rationally find [it] 'unworthy of credence.' " Id. (quoting Ezold v. Wolf, Block, Schorr & Solis-Cohen , 983 F.2d 509, 531 (3d Cir. 1992) ). "If a plaintiff comes forward with evidence that would cause a reasonable factfinder to find the defendant's proffered reason 'unworthy of credence,' she need not adduce any evidence of discrimination beyond her prima facie case to survive summary judgment." Burton v. Teleflex Inc. , 707 F.3d 417, 430 (3d Cir. 2013) (quoting Lichtenstein v. Univ. of Pittsburgh Med. Ctr. , 691 F.3d 294, 310 (3d Cir. 2012) ).

Under the second prong of Fuentes , a plaintiff may establish pretext "by presenting evidence 'with sufficient probative force' so as to allow the factfinder to 'conclude by a preponderance of the evidence that age was a motivating or determinative factor.' " Willis , 808 F.3d at 645 (quoting Simpson , 142 F.3d at 644-45 ). This proof may consist of evidence that: "(1) the defendant previously discriminated against the plaintiff; (2) the defendant discriminated against others within the plaintiff's protected class; or (3) the defendant has treated similarly situated, substantially younger individuals more favorably." Id. With regard to workplace discipline, the relevant factors to consider in determining whether individuals are "similarly situated" may include a " 'showing that the two employees dealt with the same supervisor, were subject to the same standards, and had engaged in similar conduct without such differentiating or mitigating circumstances as would distinguish the conduct or their employer's treatment of them.' "

McCullers v. Napolitano , 427 Fed.Appx. 190, 195 (3d Cir. 2011) (quoting Radue v. Kimberly-Clark Corp. , 219 F.3d 612, 617-18 (7th Cir. 2000) ).

Here, Plaintiff first argues that a factfinder could disbelieve Defendants' articulated legitimate reason for terminating her because her "two business-related data accesses absolutely do not fall into the categories of conduct required for termination." (Pl.'s Opp. Br. 16.) Plaintiff essentially argues that she has established pretext based on her opinion that she did not access any PHI, that she had a business reason for the access,¹⁶ and that the circumstances did not warrant termination under her interpretation of MLHI's policies.

However, the record reflects-and Plaintiff does not dispute-that she accessed Hawkins' records in Invision twice, and that the screen she accessed contained "name, address, telephone number, social security number, date of birth, patient number, and dates of admission." (Pl.'s Opp. Br. 9; CSMF ¶ 25.) The Fair Warning system alerted MLHI that Plaintiff had accessed Hawkins' records, and there is no suggestion, nor any evidence, that MLHI or any of Plaintiff's supervisors targeted her for discipline, or that age was a factor in the Fair Warning algorithms used to flag Plaintiff's access of Hawkins' records.

MLHI's Confidentiality Policy and Code of Conduct treat patient and employee demographic information as confidential; permit employee access to that information only for a business-related purpose; and specifically prohibit "[u]nauthorized release/disclosure/access of confidential information" and "[u]nauthorized and/or non-business related access, use or disclosure of electronic protected health information." (SMF Ex. K.) Plaintiff received regular training regarding HIPAA, and she knew that she was only permitted to access patient data on a need-to-know basis, i.e. , as "need[ed] to do [her] job." (Pl.'s Dep. 92, 125.) Contrary to her training, Plaintiff contends that at the time, she did not believe her accessing of Hawkins' records was a HIPAA violation. She now understands that doing so violated MLHI's HIPAA/confidentiality policies, and that "[l]ooking for information on my co-worker[,] [r]egardless of whether it's medical records, room number, age, birth date, phone number, address, any of that would be co-worker snooping." (Terrell Dep. 140, 164-65.)

Plaintiff contends that her termination was a violation of MLHI's disciplinary policies, and that "termination was not warranted here given the benign data accessed by Plaintiff." (Pl.'s Opp. Br. 11.) Plaintiff also suggests that termination was unwarranted because it was not preceded by lesser progressive sanctions. (Id. at 13.) Plaintiff's arguments are belied by MLHI's Code of Conduct, Performance Management Policy, and HIPAA Sanction Guidelines, which provide that confidentiality violations may result in employment termination, including when the violations are "serious in nature" or are "either an egregious first time occurrence or a repeat occurrence of a behavioral or code of conduct violation." (SMF Ex. Q.) Other unrebutted evidence reflects that MLHI's disciplinary system is not progressive, and that where MLHI management deems it appropriate under the circumstances, infractions may result in immediate termination.¹⁷ See Williams v. Wells Fargo Bank , No. 14-2345, 2015 WL 1573745, at *9 (E.D. Pa. Apr. 9, 2015) (holding that defendant's failure to impose progressive discipline would not serve as evidence of pretext unless "a progressive disciplinary policy is 'mandatory or rigorously followed.' " (quoting Emmett v. Kwik Lok Corp. , 528 Fed.Appx. 257, 262 (3d Cir. 2013) ) ).

In short, other than her own subjective beliefs, Plaintiff has offered no evidence from which a reasonable factfinder could conclude that Defendant's proffered reason for terminating her lacks credibility. She has provided no evidence to support a finding of discrimination. Garrow , 2016 WL 5870858, at *7 ; see also James v. Sutliff Saturn, Inc. , 468 Fed.Appx. 118, 121 (3d Cir. 2012) ("[Plaintiff's] unsupported belief that he was fired for discriminatory reasons falls far short of establishing pretext."); Tolan v. Temple Health Sys. Transp. Team, Inc. , No. 09-5492, 2013 WL 706049, at *18 (E.D. Pa. Feb. 26, 2013) ("In the end we are left only with [plaintiff's] subjective belief that she was discriminated against, and that is not enough to survive summary judgment."), aff'd , 557 Fed.Appx. 132 (3d Cir. 2014).

Although one may have reservations about the wisdom of terminating an employee with Plaintiff's experience and tenure for electronically accessing a phone number that had already been made available to co-workers in paper form, "it is not for this Court to 'sit as a super-personnel department that reexamines an entity's business decisions.' " Carfagno v. SCP Distrib., LLC , No. 14-4856, 2016 WL 521196, at *5 (E.D. Pa. Feb. 10, 2016) (quoting Brewer v. Quaker State Oil Ref. Corp. , 72 F.3d 326, 332 (3d Cir. 1995) ). "Instead, this Court must determine 'whether the employer gave an honest explanation of its behavior' that is not discriminatory." Id. (quoting Brewer , 72 F.3d at 332.) Defendants have done so in this case.

Turning to the second Fuentes method of establishing pretext, Plaintiff contends that "[o]ther, non age-protected employees at Lankenau were not terminated for the same conduct." (Pl.'s Opp. Br. 3.) In an effort to support this contention, Plaintiff points to the MLHI records regarding other employees who were disciplined for improper records access since the implementation of Fair Warning. These records, outlined in the factual background above, simply do not reflect disparate treatment of age-protected employees and cannot support a reasonable inference of pretext. To the contrary, the records show that of the nine employees who were terminated for co-worker or celebrity snooping without permission, at least three were younger than 40 years old, and four were younger than Plaintiff. (Def.'s Mot. Ex. U.) Similarly, the evidence reflects that more than half of the fourteen employees who were not terminated were age-protected. Moreover, the conduct of the non-terminated employees is not closely comparable to Plaintiff's since those employees either had permission to access the records or, in one instance, the improper access involved an unknown individual and resulted from the employee's failure to log off of the electronic system.

As noted above, Plaintiff also claims to know of three other specific instances when one of her younger co-workers accessed employee patient records and was not terminated. However, Plaintiff's unsubstantiated assertions are the only evidence of these alleged incidents. The employees involved in these alleged incidents all denied that they engaged in any improper access of patient records. Moreover, even assuming that these employees accessed records as Plaintiff contends, there is no evidence that MLHI had any knowledge or notice of these incidents. Under these circumstances, Plaintiff's self-serving allegations of disparate treatment are insufficient to raise a genuine issue of material fact on the issue of pretext. See Irving v. Chester Water Auth. , 439 Fed.Appx. 125, 127 (3d Cir. 2011) (holding that in light of plaintiff's previous testimony and other record evidence, plaintiff's self-serving deposition testimony was insufficient to raise a genuine issue of material fact.)

V. CONCLUSION

For the foregoing reasons, Defendants' Motion for summary judgment will be granted. An appropriate order will follow.

Notes

1 Main Line Health, Inc. ("MLH") is also named as a Defendant in the Complaint. However, the parties agree that MLH was not Plaintiff's employer, and Plaintiff has stipulated to the dismissal of MLH. (Defs.' SJ Br. 13 n.1, ECF No. 17-1; Pl.'s Opp. Br. 7, ECF No. 18-4.)

2 HIPAA protects from unauthorized disclosure "individually identifiable health information," defined as "any information, including demographic information collected from an individual, that ... is created or received by a health care provider ... [and] relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and ... identifies the individual[.]" 42 U.S.C. § 1320d(6) ; see also 45 C.F.R. § 160.103 ("Protected health information means individually identifiable health information: (1) Except as provided in paragraph (2) of this definition, that is: (i) Transmitted by electronic media; (ii) Maintained in electronic media; or (iii) Transmitted or maintained in any other form or medium."); 45 C.F.R. § 164.514 (classifying telephone numbers as individually identifiable health information).

3 Unless otherwise indicated, the factual background is undisputed and is derived from a combination of Defendants' Statement of Undisputed Material Facts ("SMF") (ECF No. 17-2), Plaintiff's Counter-Statement of Undisputed Material Facts ("CSMF") (ECF No. 18-2), Plaintiff's Response to Defendants' SMF ("Pl.'s Resp. to SMF") (ECF No. 18-3), and Defendants' Response to Plaintiff's CSMF ("Defs.' Resp. to CSMF") (ECF No. 19). We view the facts and reasonable inferences therefrom in the light most favorable to Plaintiff as the non-moving party. Anderson v. Liberty Lobby, Inc. , 477 U.S. 242, 255, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986).

4 The parties have attached non-identical excerpts of the deposition testimony of Plaintiff, Greg Papa, Allison Bennett, Andrea Ledford, Annette Frawley, and Linda Robinson as exhibits to their respective statements of fact. Initial citations herein to deposition testimony identify the exhibit references and transcript page numbers; subsequent citations refer only to the transcript page numbers.

5 Plaintiff also testified that she found the training "misleading" because it referred to "a patient," and, in her mind, a co-worker was different. (Terrell Dep. 127-28.) Plaintiff testified that when she accessed Hawkins' records she was not "looking at her from a patient aspect." (Id. )

6 Mitigating factors for a category 3 violation include: no re-disclosure; limited PHI accessed; one or low number of affected patients; patient suffered no financial, reputational, or other personal harm; and, action taken under pressure from an individual in a position of authority. (SMF Ex. R.) Contributing factors are: PHI posted to social media or disclosed to others; high exposure to [MLHI], such as large expense incurred; PHI downloaded/printed and further disclosed; specifically protected information such as HIV-related, psych, substance abuse, genetic data; sensitive data such as cancer diagnosis, abortion history; negative influence on others; and PHI not publicized by others. (Id. )

7 Ledford testified that she had no recollection of Plaintiff accessing Hawkins' Invision record on August 15, 2016, in connection with a scheduling issue. (Ledford Dep. 16-17, 19, SMF Ex. D and CSMF Ex. 6.) However, she testified that she would not have asked Plaintiff to call another employee scheduled to work a later shift. (Id. at 24.) Ledford explained: "I assume that everybody is going to show up unless they have called out. Call-out for a 2:30 shift is 11 o'clock in the morning." (Id. ) For purposes of this Motion, we accept Plaintiff's account of the events of that day.

8 Bennett testified that Plaintiff's conduct also was a violation of category 2: "Failure to follow established privacy/security policies and procedures." (Bennett Dep. 36-37.)

9 Plaintiff did not take the depositions of Kirkpatrick or Getty.

10 Specifically, Kirkpatrick denied "that he ever went into Invision or any other electronic patient record system to access the personal information of a co-worker without a legitimate business need." (Kirkpatrick Decl. ¶¶ 2-3, Defs' Resp. to CSMF Ex. B.) Getty stated that she "never went into Invision for any reason ... because, as a nurse, she access[es] patient records for business reasons through other portals." (Getty Decl. ¶ 4, Defs.' Resp. to CSMF Ex. C.) Getty also denied that she used any portal to retrieve any information about the employee Plaintiff identified, noting that she has had that employee's contact information in her cell phone for years. (Id. ¶ 5.) Robinson also denied Plaintiff's assertion about her, testifying that she "knows that accessing an employee's records is a 'no no.' " (SMF ¶¶ 86-87; Robinson Dep. 17, 36.)

11 Smart Chart is a separate system that contains both patient demographics and medical chart information. (Frawley Dep. 11.)

12 The protections afforded by the ADEA apply only to individuals who are at least forty years of age. 29 U.S.C. § 631(a).

13 The age-protected employees who were not terminated for HIPAA violations, and their birth years are: "J.A."-1967; "R.C."-1966; "W.S."-1971; "J.D."-1958; "J.D."-1954; "A.D."-1967; "R.S."-1967; and "K.Q."-1971. Two other employees who were not terminated were born in 1976 and may also have been age-protected at the time they were disciplined. (SMF ¶ 84; CSMF Ex. 25.)

14 The PHRA also prohibits age discrimination. It provides:

It shall be an unlawful discriminatory practice ... [f]or any employer because of the ... age ... of any individual or independent contractor, to refuse to hire or employ or contract with, or to bar or to discharge from employment such individual or independent contractor, or to otherwise discriminate against such individual or independent contractor with respect to compensation, hire, tenure, terms, conditions or privileges of employment or contract, if the individual or independent contractor is the best able and most competent to perform the services required.

43 Pa. Stat. & Cons. Stat. Ann. § 955(a). Because the same analysis applies to claims under the ADEA and the analogous provision of the PHRA, we address Plaintiff's claims collectively. Willis v. UPMC Children's Hosp. of Pittsburgh , 808 F.3d 638, 643 (3d Cir. 2015).

15 "Direct evidence of discrimination would be would be evidence which, if believed, would prove the existence of the fact [in issue] without inference or presumption. " Torre v. Casio, Inc. , 42 F.3d 825, 829 (3d Cir. 1994) (internal citations and quotations omitted).

16 Although it is not material to our analysis of the pretext issue, we note that Plaintiff's claim to have accessed Hawkins' records as part of "healthcare operations" is undermined by the fact that she never actually called Hawkins.

17 We also note that as an at-will employee, Plaintiff could be terminated for any reason, or no reason, as long as it was not discriminatory. "[A]bsent discrimination, an employee-at-will can be fired for any reason or no reason." Holocheck v. Luzerne Cty. Head Start, Inc. , No. 04-2082, 2007 WL 954308, at *7 (M.D. Pa. Mar. 28, 2007) (citing Droutman v. N.Y. Blood Ctr. , No. 03-5384, 2005 WL 1796120, at *2 (E.D.N. Y July 27, 2005) ); Poalillo v. Specialty Floorings Sys., Inc. , No. 08-5819, 2009 WL 2426139, at *4 n.7 (E.D. Pa. Aug. 5, 2009) (noting that an employer is under no obligation to provide an at-will employee with any kind of pre-termination process)

Case Details

Case Name: Terrell v. Main Line Health, Inc.

Court Name: District Court, E.D. Pennsylvania

Date Published: Jun 1, 2018

Citations: 320 F. Supp. 3d 644; CIVIL ACTION NO. 17-3102

Docket Number: CIVIL ACTION NO. 17-3102

Court Abbreviation: E.D. Pa.