A thief stole a health care provider’s computer containing medical records of about four million patients. The plaintiffs filed an action under the Confidentiality Act [Civil Code section 56.36], seeking to represent, in a class action, all of the patients whose records were stolen, with a potential award of about $4 billion against the health care provider. The health care provider demurred to the complaint and moved to strike the class allegations, but the trial court overruled the demurrer and denied the motion to strike. On the petition of the health care provider, the appellate court issued an alternative writ of mandate to review the trial court’s rulings. The appellate court granted extraordinary relief and issued a writ of mandate ordering the trial court to sustain the demurrer without leave to amend, stating: “[T]he Confidentiality Act does not provide for liability for increasing the risk of a confidentiality breach. It provides for liability for failing to ‘preserve[] the confidentiality’ of the medical records. (§ 56.101, subd. (a).) There is no allegation that [the hospital’s] actions with respect to the records on the stolen computer did not preserve their confidentiality because there is no allegation that an unauthorized person has viewed the records.” (Sutter Health v. Sup. Ct. (Dorothy Atkins) (Cal. App. Third Dist.; July 21, 2014) 227 Cal.App.4th 1546, [174 Cal.Rptr.3d 653].)
Leave a Reply
You must be logged in to post a comment.