Calif. Case Limits Health Care Data Breach Claims

The California Court of Appeal recently limited plaintiffs’ ability to state a claim under the California Medical Information Act (CMIA), Cal. Civ. Code §§ 56 et seq., and their ability to get statutory damages under the act. Consistent with prior rulings in the data breach space, the court ruled that plaintiffs must plead and prove more than the mere allegation that a health care provider negligently maintained or lost possession of data, but rather that such data was in fact improperly viewed or otherwise accessed.

The Case -

Plaintiff Melinda Platter brought a class action against the Regents of the University of California seeking damages from unlawful disclosure of confidential medical information in violation of the CMIA. Regents of the Univ. of Cal. v. Super. Ct., 220 Cal. App. 4th 549 (2013). She alleged that certain patients treated at UCLA health care facilities had personally identifiable medical information stored on an encrypted external hard drive that was stolen from a doctor’s house in a home invasion robbery. Also missing was an index card near the computer that contained the password for the computer, which presumably would have permitted decryption of the data.

Originally published in Law360 on 12/2/2013.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP | Attorney Advertising

Written by:


Morrison & Foerster LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.