Trade Secrets In Healthcare

Trade Secrets In Healthcare- Protect Your Practice

Despite its humanitarian goals, healthcare is a trade and business like any other and has valuable assets to protect. One those assets is confidential information such as patient lists, financial information, contract rates, client lists, and methods of doing business. This type of information can be protected as a trade secret which gives you powerful legal rights. Documents, files and information in any format, hard copy or computerized can be protected as confidential or trade secrets.

The protection of your valuable information arises often when a physician employee, partner or shareholder, or other employed healthcare professional, leaves one employer to work for a competitor, or sets up new competition. Even if you have an employment agreement with them containing a non­ compete agreement, such a provision generally is unenforceable in California, unless in connection with the sale of the business or an equity position. However, you can stop them from using your confidential and trade secret information if you take the required steps to protect the information.

Healthcare providers and businesses often fail to appreciate the value of their information as assets and what they need to do to protect them. More and more healthcare providers and businesses are being required by HIPAA and HITECH and other similar laws to maintain the confidentiality of their records, but those requirements do not suffice for trade secret protection under the law. Further, HIPAA and HITECH generally involve only patient information and not financial and other confidential information of the business, such as contract rates. This article sets forth why it is important for healthcare providers and businesses to be aware of the requirements and what those requirements are.


The following are examples of possible trade secrets in healthcare: patient lists, RVU information, contract rates, contract terms, financial information, collection rates, methods and practices of doing business.


If healthcare providers and businesses, no matter what their size, do not take measures to protect their information, they will have great difficulty protecting it when the need arises.

For example, your IT person leaves your employ and joins a competitor. The IT person could be an independent contractor.  Next thing you find out, your competitor is undercutting your rates and you start losing contracts. You believe he shared confidential information about your business. How do you stop this person? The trade secret law gives you the right to an injunction which is an immediate court order stopping them from using the information. However, you will need to show the Court that you took reasonable steps to protect the information and treated it as a trade secret.

Another example is a physician partner or shareholder leaves your group to join another who does not yet compete with you. In the course of the discussions with the new medical group the physician shares some of your financial information enabling the group to set up a new division or practice area it did not have before, which competes with you. You start losing business as a result and suffer damages. The California trade secret law gives you the right to sue them for damages and for unjust enrichment.

A further example is a medical device manufacturer whose engineer leaks information to a start-up company that he owns and has an equity interest in. The start­up unfairly competes and begins to take market share away from you. If the manufacturer has not taken steps to protect the information, it will not be able to protect the information and stop the theft.


Under the California Uniform Trade Secrets Act (which begins at Section 3426 of the California Civil Code) “trade secret” is defined very broadly. It means information, including a formula, pattern compilation, program, device, method, technique, or process that:

  1. Derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by, proper means by other persons who can obtain economic value from its disclosure or use; and
  2. Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

Both a) and b) must be met in order for a healthcare provider to protect its information Patient lists and contract rates are good examples of information that is not generally known to the public and which have independent economic value from not being known. The rates could be used by other providers to undercut the competition in contract negotiations . The patient lists could be used to solicit patients and use their protected health information for improper purposes. This type of information cannot usually be ascertained from public records or other proper means.

For example, information such as billed charges is sent out to insurance companies and to the patients themselves in the form of EOBs, such that they would not be considered confidential or a trade secret because they are known to the public. Further, billed charges, in today’s world, do not have any real independent economic value because they are generally discounted by contract or fee schedule and the like. However, contract rates or financial information is not generally sent anywhere, is proprietary and could be a trade secret if it meets the above tests and you have the taken the steps described below to protect them .

Physician productivity information, such as RVUs, is not usually shared with others and could be deemed a trade secret. However, there may be instances where such information is generally ascertainable from MGMA reports or other trade publications which could diminish its independent economic value and thus not make it a trade secret. Keep in mind that there are some cases holding that even though information by itself was not a trade secret, when combined with other information in a novel way, it could be deemed a trade secret.


The following are the criteria for a judge or jury to decide if you or your business took reasonable steps to protect your information:

  • Whether the information was marked with confidentiality warnings;
  • Whether you instructed your employees and advised them as to the confidential nature of the information;
  • Whether you restricted access to those who have a business reason to know the information;
  • Whether you kept the information in a restricted or secure area;
  • Whether you required employees or others with access to the information to sign confidentiality or non-disclosure agreements;
  • Whether you took any action to protect the specific information or whether you relied on general measures (an employee handbook will not suffice);
  • Whether there were other reasonable measures available to you that you did not take.

You cannot control what a judge or a jury will determine with respect to information that was misappropriated from you or your business, or what value it may have.  What you can control is what you can do to protect your information , and you should take action as soon as possible.

AMADOR LAW CORPORATION, 21250 Hawthorne Blvd., Suite 700, Torrance, CA (310-792-7400).