HIPAA Complaint Seeks Class Action Status

more+
less-

A complaint filed in the Superior Court of California on March 14, 2014, requested certification as a class action and sought a wide variety of damages arising from a breach of personal information. Doe vs. Sutherland Health Care Solutions Inc.; County of Los Angeles, et al., No. BC 539436. According to the complaint, in some cases on the plaintiff’s “information and belief,” Sutherland is a billing company providing services for the Los Angeles County Department of Health Services and Department of Health. There are six separate causes of action, all arising under California statutory and common law. (HIPAA does not specify a private right of action for individuals.) The damages sought include not only the cost of identity theft but also, among other things, damages for lower credit scores, time spent rectifying credit problems, purchasing a home security service and for “fear, anxiety and stress.” The allegations are that an unencrypted lap top containing information of “hundreds of thousands” of individuals was stolen from Sutherland. No response to the complaint has been filed as of the date of this publication. In general, however, two things are particularly interesting about the complaint. The first is that the plaintiff seeks to have it brought as a class action. Under the California requirements cited in the complaint, the matter could go forward as a class action because (i) the defendants are so numerous that joining them as individuals is impracticable; (ii) common questions of law and fact will be the predominant issues in the case; (iii) the designated plaintiff will fairly and adequately represent all members of the class; (iv) a class action is a superior means of obtaining a fair and efficient adjudication of the matter; and (v) information available from the defendants will allow notice to members of the class to be notified of the class action. The complaint is also interesting because both the County (the client) and Sutherland (the contractor) are alleged to be liable, based in large part on the Sutherland’s alleged lack of encryption of the stolen laptop. The complaint states several theories of joint liability.

 

Topics:  Class Action, Class Certification, Data Breach, HIPAA, Personally Identifiable Information, PHI

Published In: Civil Procedure Updates, Civil Remedies Updates, Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ober|Kaler | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »