A computer was stolen from a medical center in 2011, containing an index dating back to the 1980s of over 500,000 persons’ names, medical record numbers, ages, dates of birth, and the last four digits of their Social Security numbers. The medical center informed those individuals of the theft. A few of the persons named in the index brought a class action against the medical center seeking damages of $1,000 for each person named. The medical center moved for summary adjudication on the cause of action for violation of the Confidentiality of Medical Information Act [CMIA; Civil Code section 56], contending the theft of the computer did not result in a disclosure of medical information of any of the listed persons. It argued information about an individual’s medical history, condition or treatment is saved only on servers located in its data center. The appellate court granted extraordinary relief, concluding the health care provider cannot be held liable “for the release of an individual’s personal identifying information that is not coupled with that individual’s medical history, mental or physical condition, or treatment.” (Eisenhower Medical Center v. Sup. Ct. (Carmen Malache) (Cal. App. Fourth, Div. 2; May 21, 2014)226 Cal.App.4th 430, [172 Cal.Rptr.3d 165].)
Leave a Reply
You must be logged in to post a comment.