The California Court of Appeal recently limited plaintiffs’ ability to state a claim under the California Medical Information Act (CMIA), Cal. Civ. Code §§ 56 et seq., and their ability to get statutory damages under the act. Consistent with prior rulings in the data breach space, the court ruled that plaintiffs must plead and prove more than the mere allegation that a health care provider negligently maintained or lost possession of data, but rather that such data was in fact improperly viewed or otherwise accessed.
The Case -
Plaintiff Melinda Platter brought a class action against the Regents of the University of California seeking damages from unlawful disclosure of confidential medical information in violation of the CMIA. Regents of the Univ. of Cal. v. Super. Ct., 220 Cal. App. 4th 549 (2013). She alleged that certain patients treated at UCLA health care facilities had personally identifiable medical information stored on an encrypted external hard drive that was stolen from a doctor’s house in a home invasion robbery. Also missing was an index card near the computer that contained the password for the computer, which presumably would have permitted decryption of the data.
Originally published in Law360 on 12/2/2013.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.