Boston Children’s Hospital says that when it terminated a research fellow’s employment, he took the laptop he used in his work to a computer forensics company and had all the data, including data owned by the hospital, cloned. The hospital claims he refused the hospital’s demand to turn it over. To get it back, the hospital filed an action for conversion and replevin.
The hospital rested its case on not one but three different policies. The Acceptable Use Policy says the hospital owns all information stored or transmitted over its computer and network resources. The Participation Agreement says it owns all property developed within the scope of employment. The Intellectual Property Policy says it owns property produced through substantial use of hospital property, content relating to research conducted for the hospital, and research developed on hospital premises.
The employee’s position was that some of the information was personal and wasn’t covered by the policies. The hospital responded that none of the three policies contained a carve-out for personal information.
On April 25 the court denied the hospital’s motion for judgment on the pleadings on both the conversion and replevin counts, ruling that material facts remain in dispute: Does the data include personal information not transmitted or stored over the hospital’s network, not created with hospital resources, within the scope of employment, on hospital premises, or in relation to hospital research. So the case will move forward.
Hospitals may want to double-check—better make that triple-check–their policies on computer information.
The case is Children’s Hospital Corp. v. Cakir, No. 15-cv-13281, 2016 BL 132499 (D. Mass. 2016).