Governmental hospitals in Missouri (i.e., county hospitals, city hospitals, and hospital districts) are often targeted by data brokers seeking to use the Missouri Sunshine Law to obtain information to be included in their databases. This is then aggregated with other information in the database and sold or licensed to third parties. There are certain types of information in which data brokers have traditionally shown interest, including employment and computer hardware / software information. In reality, the only limit on the types of information that data brokers seek is their ability / inability to conceive of a way that the aggregation of such data can be sold or licensed to third parties for a profit.
The initial response of most governmental hospitals when a request for information is received from a data broker under the Missouri Sunshine Law is to deny the request as being outside the scope of the law (R.S. Mo. §§610.010 to 610.035). The logic of this response is that the Missouri Sunshine Law exists to allow citizens to monitor the workings of governmental hospitals, not for businesses to mine / harvest data for commercial purposes.
While this argument is logical, it is also inconsistent with the Missouri Sunshine Law, which places no limitations on who can seek information from a governmental hospital using the law and how that information is used by the requester. This fact is best illustrated in a case decided by the Missouri Court of Appeals for the Western District back in 1998.1
In this case, the court ordered a city hospital organized under Chapter 96 of the Missouri Revised Statutes to turnover to its direct competitor (a private hospital) pursuant to a request under the Missouri Sunshine Law sensitive business information which the competitor could use to improve its ability to compete with the city hospital. Despite the clear competitive disadvantage to the city hospital of being required to turnover this sensitive business information to its competitor, the court concluded that the Missouri Sunshine Law places no limitation on who can request information under the law or the purpose for which that information can be used by the requester. As a result, the court required the city hospital to turnover the requested information to its competitor.
Based on this decision, it is clear that a governmental hospital cannot deny a request for information from a data broker simply because the data broker plans to use the information for commercial purposes.
That said, governmental hospitals do have certain defenses and rights of which they can avail themselves when responding to a request for information from a data broker.
First, certain types of information are deemed to be closed under the Missouri Sunshine Law and, as a result, not subject to disclosure in response to a request for information.2 Notably, personnel records, performance rating, and records relating to employees and applicants are deemed to be closed records, provided that a governmental hospital is required to disclose the name of each employee, their position, their salary, and their length of service. Similarly, records that identify the configuration of components or the operation of a computer, computer system, computer network, or telecommunications network, and would allow unauthorized access to or unlawful disruption of a computer, computer system, computer network, or telecommunications network of a governmental hospital are closed records and not subject to disclosure.
There are numerous other types of records that are closed under the Missouri Sunshine Law. As a result, a governmental hospital should carefully scrutinize any record request it receives from a data broker to determine whether any of the requested records are closed records under the law.
Second, the Missouri Sunshine Law requires governmental hospitals to provide copies of existing records to requesters, not to create records that do not exist. Unfortunately, given the prevalence of computer-based records systems, determining exactly what qualifies as an “existing record” is more difficult than it was when records were maintained in paper form. If a governmental hospital has previously created a spreadsheet listing each of its employes, their position, salary, and length of service, that spreadsheet is an existing record. If a governmental hospital has not previously produced such a spreadsheet but could easily do so using its computer-based records system, there is at least an argument that this is an “existing record” given the ease with which it can be generated from existing records in the database. Missouri courts have not definitively addressed this issue.
Nonetheless, when responding to a request for records by a data broker under the Missouri Sunshine Law, government hospitals should carefully consider the specific documents requested by the data broker with the following three questions in mind:
- Does the governmental hospital have any existing documents (records) that are directly responsive to the request? If so, those documents need to be produced with any closed information removed or redacted.
- Does the governmental hospital have one or more existing documents (records) that include parts or pieces of the information responsive to the request? If so, those documents will need to be produced with the closed information removed or redacted.
- How difficult or expensive is it for the governmental hospital to use its computer-based records system to create a document directly responsive to the request as compared to producing heavily redacted existing records? In many situations, creating a document in this way that is directly responsive to the request is the best path forward and, as a result, that newly created document should be produced. Doing so also improves the ability of the government hospital to provide the records in the format requested by the requester (which is also required by the Missouri Sunshine Law).3
Finally, a public governmental hospital can charge the requester for the cost of searching for and copying the requested documents.4 If a governmental hospital plans to charge the requestor for the records, it needs to advise the requestor of this fact and allow the requestor to withdraw the request if they are unwilling to pay such costs. The fees themselves are relatively small (though they can add up if the amount of information requested is significant). Fees are unlikely to be an impediment for a data broker, but charging appropriate fees is one more step a governmental hospital can take in response to a request for information from a data broker.
Unfortunately, the Missouri Sunshine Law does not protect governmental hospitals from requests for information from data brokers. That said, the Missouri Sunshine Law does give governmental hospitals certain defenses and rights that can be deployed in responding to such requests. Knowing their rights and obligations under this law is the best way for governmental hospitals to comply with the law without disclosing more information than absolutely necessary.
This blog was drafted by Joseph Hatley, an attorney in the Spencer Fane Kansas City, Missouri, office, and Donn Herring, an attorney in the Spencer Fane St. Louis, Missouri, office. For more information, visit www.spencerfane.com.
—
1 984 S.W.2d 113 (Mo. App. 1998).
2 R.S.Mo. §610.021.
3 R.S.Mo. §610.023.3.
4 R.S.Mo. §610.026.
Click here to subscribe to Spencer Fane communications to ensure you receive timely updates like this directly in your inbox.
